[patch, libgfortran] Bug 81937 - stack-buffer-overflow on memcpy
Jerry DeLisle
jvdelisle@charter.net
Sat Dec 16 16:26:00 GMT 2017
Hi all,
This problem was found with -fsanitize=address.
Turns out we are not correctly tracking the bytes left in the internal unit
string and we were reading memory past the end. I am sure the problem exists in
gcc 7 and I will examine gcc 6 as well and fix this in all cases I see. The
function sread is basically a wrapper on memcpy.
The patch is fairly straightforward.
Regression tested on x86_64-pc-linux-gnu. OK for trunk and back ports as I find?
Regards,
Jerry
2017-12-16 Jerry DeLisle <jvdelisle@gcc.gnu.org>
PR libgfortran/81937
* io/list_read.c (next_char_internal): Don't attempt to read
from the internal unit stream if no bytes are left. Decrement
bytes_left in the right place.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pr81937.diff
Type: text/x-patch
Size: 1324 bytes
Desc: not available
URL: <http://gcc.gnu.org/pipermail/gcc-patches/attachments/20171216/f43acc0b/attachment.bin>
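
The bookkeeping described in the message above, as an added illustration that is not libgfortran's code and not the attached patch: a reader over an in-memory unit that checks the remaining count before the memcpy wrapper touches memory and decrements it only after a byte is consumed. The names mem_unit, mem_sread and mem_next_char are hypothetical, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define UNIT_EOF (-1)

/* Hypothetical stand-in for an internal unit: a fixed-length character
   buffer with no NUL terminator, a read offset, and a remaining count. */
struct mem_unit {
    const char *base;
    size_t pos;
    size_t bytes_left;
};

/* Unchecked memcpy wrapper: it trusts the caller to have verified that
   n bytes remain, so every call site must check bytes_left first. */
static void mem_sread(struct mem_unit *u, void *dst, size_t n)
{
    memcpy(dst, u->base + u->pos, n);
    u->pos += n;
}

/* Return the next character, or UNIT_EOF once the unit is exhausted. */
int mem_next_char(struct mem_unit *u)
{
    unsigned char c;

    if (u->bytes_left == 0)   /* check before touching memory */
        return UNIT_EOF;
    mem_sread(u, &c, 1);
    u->bytes_left--;          /* decrement only after a byte was consumed */
    return c;
}

int main(void)
{
    /* Constructed sample: the unit covers only "AB"; "XYZ" stands for
       whatever happens to follow it in memory. */
    static const char backing[] = "ABXYZ";
    struct mem_unit u = { backing, 0, 2 };
    int ch;

    while ((ch = mem_next_char(&u)) != UNIT_EOF)
        putchar(ch);
    putchar('\n');
    return 0;
}
```

Repeated calls after exhaustion keep returning UNIT_EOF because the count is never decremented past zero, so the unsigned bytes_left cannot wrap around and re-enable reads.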