PR fortran/95088 - Buffer overflows with PDTs, submodules and long symbols

Message ID trinity-12b460d7-8b32-45e0-a608-8e1f2f094d41-1591538847102@3c-app-gmx-bs57
State New
Series
  • PR fortran/95088 - Buffer overflows with PDTs, submodules and long symbols

Commit Message

Harald Anlauf June 7, 2020, 2:07 p.m.
Here's a fix for another buffer overflow which is triggered by one of
Gerhard's (in)famous testsuite.  Looking at the way symbols are generated,
I decided to partly use a simple solution recommended by Jakub Jelinek.

Regtested with no new failures on x86_64-pc-linux-gnu.

OK for master?  Backports to 10/9?

Thanks,
Harald


PR fortran/95088 - Buffer overflows with PDTs, submodules and long symbols

With PDTs (parameterized derived types) and submodules, name mangling
results in variably long internal symbols.  Instead of using a fixed-size
intermediate buffer, which is actually not really needed, just use a
pointer to strings.

2020-06-07  Harald Anlauf  <anlauf@gmx.de>

gcc/fortran/
	PR fortran/95088
	* class.c (get_unique_type_string): Replace use of fixed size
	buffer by internally passing a pointer to strings.

Comments

Harald Anlauf June 14, 2020, 1:42 p.m. | #1
> Here's a fix for another buffer overflow which is triggered by one of

> Gerhard's (in)famous testsuite.  Looking at the way symbols are generated,

> I decided to partly use a simple solution recommended by Jakub Jelinek.

>

> Regtested with no new failures on x86_64-pc-linux-gnu.

>

> OK for master?  Backports to 10/9?


Ping?

Thanks,
Harald
Jakub Jelinek via Gcc-patches June 14, 2020, 1:51 p.m. | #2
Hi Harald,

>> Here's a fix for another buffer overflow which is triggered by one of

>> Gerhard's (in)famous testsuite.  Looking at the way symbols are generated,

>> I decided to partly use a simple solution recommended by Jakub Jelinek.

>>

>> Regtested with no new failures on x86_64-pc-linux-gnu.

>>

>> OK for master?  Backports to 10/9?

> 

> Ping?


OK, and thanks for the patch!

Regards

	Thomas

Patch

diff --git a/gcc/fortran/class.c b/gcc/fortran/class.c
index 8bb73502f5d..f131d60efa0 100644
--- a/gcc/fortran/class.c
+++ b/gcc/fortran/class.c
@@ -479,19 +479,11 @@  gfc_class_initializer (gfc_typespec *ts, gfc_expr *init_expr)
 static void
 get_unique_type_string (char *string, gfc_symbol *derived)
 {
-  /* Provide sufficient space to hold "Pdtsymbol".  */
-  char dt_name[GFC_MAX_SYMBOL_LEN+4];
+  const char *dt_name;
   if (derived->attr.unlimited_polymorphic)
-    strcpy (dt_name, "STAR");
+    dt_name = "STAR";
   else
-    {
-      const char *upper = gfc_dt_upper_string (derived->name);
-      size_t len = strnlen (upper, sizeof (dt_name));
-      if (len >= sizeof (dt_name))
-	gfc_internal_error ("get_unique_type_string: identifier overflow");
-      memcpy (dt_name, upper, len);
-      dt_name[len] = '\0';
-    }
+    dt_name = gfc_dt_upper_string (derived->name);
   if (derived->attr.unlimited_polymorphic)
     sprintf (string, "_%s", dt_name);
   else if (derived->module)
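Review bot: The `sprintf (string, "_%s", dt_name)` kept at the end of this hunk still writes into the caller's `string` without a size, and with the `len >= sizeof (dt_name)` check removed nothing in the visible code bounds the length of `dt_name` any longer. Whether the result fits now depends entirely on how each caller sizes its buffer, which this hunk does not show. Consider passing the destination size in and formatting with `snprintf (string, size, "_%s", dt_name)`, raising `gfc_internal_error` when the return value is `>= size`, so that an over-long mangled name is diagnosed rather than written past the buffer. The body of get_unique_type_string continues past the hunk, so the remaining branches would need the same treatment.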
diff --git a/gcc/testsuite/gfortran.dg/pr95088.f90 b/gcc/testsuite/gfortran.dg/pr95088.f90
new file mode 100644
index 00000000000..318fc3f3677
--- /dev/null
+++ b/gcc/testsuite/gfortran.dg/pr95088.f90
@@ -0,0 +1,31 @@ 
+! { dg-do compile }
+! { dg-options "-fsecond-underscore" }
+! PR fortran/95088 - ICE in gfc_build_class_symbol, at fortran/class.c:653
+
+module m2345678901234567890123456789012345678901234567890123456789_123
+  type t2345678901234567890123456789012345678901234567890123456789_123 &
+      (n2345678901234567890123456789012345678901234567890123456789_123,&
+       r2345678901234567890123456789012345678901234567890123456789_123,&
+       k2345678901234567890123456789012345678901234567890123456789_123,&
+       l2345678901234567890123456789012345678901234567890123456789_123 )
+     integer, kind :: n2345678901234567890123456789012345678901234567890123456789_123
+     integer, kind :: r2345678901234567890123456789012345678901234567890123456789_123
+     integer, kind :: k2345678901234567890123456789012345678901234567890123456789_123
+     integer, len  :: l2345678901234567890123456789012345678901234567890123456789_123
+     complex (kind  = r2345678901234567890123456789012345678901234567890123456789_123) &
+                   :: z2345678901234567890123456789012345678901234567890123456789_123
+     character(kind = k2345678901234567890123456789012345678901234567890123456789_123, &
+                len = l2345678901234567890123456789012345678901234567890123456789_123) &
+                   :: c2345678901234567890123456789012345678901234567890123456789_123
+  end type
+  type, extends (t2345678901234567890123456789012345678901234567890123456789_123) :: &
+      a2345678901234567890123456789012345678901234567890123456789_123
+  end type
+  interface
+     module subroutine s2345678901234567890123456789012345678901234567890123456789_123 &
+                      (x2345678901234567890123456789012345678901234567890123456789_123)
+       class(a2345678901234567890123456789012345678901234567890123456789_123(16,8,4,1234567890)) :: &
+             x2345678901234567890123456789012345678901234567890123456789_123
+     end
+  end interface
+end
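Review bot: The testcase declares a separate module procedure in an interface block but contains no `submodule` program unit, so the submodule name-mangling path named in the PR title does not appear to be compiled by this file. A companion case with a submodule whose name is also at the length limit would cover that. The header could also say why the names look the way they do, for example `! All identifiers are 63 characters long, the maximum the standard allows.`. Since the test is compile-only, it detects a remaining overflow only if the compiler crashes or is built with instrumentation.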