[PATCH, committed, part2] PR fortran/95090 - ICE: identifier overflow

Jakub Jelinek jakub@redhat.com
Sat May 30 19:28:49 GMT 2020


On Sat, May 30, 2020 at 09:11:23PM +0200, Jakub Jelinek via Gcc-patches wrote:
> There is a possible buffer overflow in the string with or without that
> change but to fix that I think it would be desirable to pass not just the
> string buffer to the function but also the length of the buffer and in the
> function verify it will not overflow.  There is no reason to use sprintf
> which is fairly expensive, and could be even simplified.
> 
> So, once dt_name is const char *, change that
>   if (derived->attr.unlimited_polymorphic)
>     sprintf (string, "_%s", dt_name);
>   else if (derived->module)
>     sprintf (string, "%s_%s", derived->module, dt_name);
>   else if (derived->ns->proc_name)
>     sprintf (string, "%s_%s", derived->ns->proc_name->name, dt_name);
>   else
>     sprintf (string, "_%s", dt_name);
> to something like:
>   const char *first = "";
>   if (!derived->attr.unlimited_polymorphic)
>     {
>       if (derived->module)
> 	first = derived->module;
>       else if (derived->ns->proc_name)
> 	first = derived->ns->proc_name->name;
>     }
>   size_t len1 = strlen (first), len2 = strlen (dt_name);
>   if (len1 + 1 + len2 + 1 >= len) // len being the new passed argument - length of the buffer pointed by string
>     gfc_internal_error (...);
>   memcpy (string, first, len1);
>   string[len1] = '_';
>   memcpy (string + len1 + 1, dt_name, len2 + 1);

Or, if you prefer, replace everything starting with len1 above
with snprintf (string, len, "%s_%s", first, dt_name);
which will truncate (and if you need, you could
  if ((size_t) snprintf (string, len, "%s_%s", first, dt_name) >= len)
    gfc_internal_error (...);

	Jakub
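The bounded construction sketched above, written out as a stand-alone C example (added here, not gfortran's own code): `build_dt_name` is the memcpy version and `build_dt_name_snprintf` the snprintf version; both names are made up for this example, and the failure path returns false instead of calling gfc_internal_error. The exact-fit check uses `>` (total bytes needed, NUL included, versus the buffer size); the `>=` in the mail above is one byte more conservative.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not gfortran code.  Builds "<first>_<dt_name>" into
   a caller-supplied buffer of `len` bytes and refuses instead of overflowing.
   `first` plays the role of the mail's variable: "" for unlimited_polymorphic,
   otherwise the module name or the enclosing procedure name.  Returns true on
   success; on failure the buffer is left untouched (gfortran would call
   gfc_internal_error here; this example reports via the return value).  */
bool
build_dt_name (char *string, size_t len, const char *first, const char *dt_name)
{
  size_t len1 = strlen (first), len2 = strlen (dt_name);
  /* Bytes needed: len1 + '_' + len2 + terminating NUL.  Computing the
     requirement first means we never write past `len`.  */
  if (len1 + 1 + len2 + 1 > len)
    return false;
  memcpy (string, first, len1);
  string[len1] = '_';
  memcpy (string + len1 + 1, dt_name, len2 + 1);
  return true;
}

/* snprintf variant: snprintf truncates instead of overflowing, and its return
   value (the length it wanted to write) tells the caller truncation happened.  */
bool
build_dt_name_snprintf (char *string, size_t len, const char *first, const char *dt_name)
{
  int n = snprintf (string, len, "%s_%s", first, dt_name);
  return n >= 0 && (size_t) n < len;
}

int
main (void)
{
  char buf[16];
  if (build_dt_name (buf, sizeof buf, "mymod", "point"))
    puts (buf);
  if (!build_dt_name (buf, sizeof buf, "a_very_long_module_name", "point"))
    puts ("rejected: would overflow");
  if (!build_dt_name_snprintf (buf, sizeof buf, "a_very_long_module_name", "point"))
    puts ("rejected: snprintf would have truncated");
  return 0;
}
```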
