Message ID | 1548263557-42784-1-git-send-email-dmalcolm@redhat.com |
---|---|
State | New |
Series | aarch64: fix use-after-free in -march=native (PR driver/89014) |
On 23/01/2019 17:12, David Malcolm wrote:
> Running:
>   $ valgrind ./xgcc -B. -c test.c -march=native
> on aarch64 shows a use-after-free in host_detect_local_cpu due
> to the std::string result of aarch64_get_extension_string_for_isa_flags
> only living until immediately after a c_str call.
>
> This leads to corrupt "-march=" values being passed to cc1.
>
> This patch fixes the use-after-free, though it appears to also need
> Tamar's patch here:
>   https://gcc.gnu.org/ml/gcc-patches/2018-12/msg01302.html
> in order to generate valid values for cc1. This may have worked by
> accident in the past, if the corrupt "-march=" value happened to be
> 0-terminated in the "right" place; with this patch it now appears
> to reliably break without Tamar's patch.
>
> Lightly tested: I've manually verified that this cleans up the valgrind
> output for the driver, but I haven't bootstrapped with it.
>
> OK for trunk?
>

OK.

R.

> gcc/ChangeLog:
> PR driver/89014
> * config/aarch64/driver-aarch64.c (host_detect_local_cpu): Fix
> use-after-free of the result of
> aarch64_get_extension_string_for_isa_flags.
> ---
> gcc/config/aarch64/driver-aarch64.c | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/gcc/config/aarch64/driver-aarch64.c b/gcc/config/aarch64/driver-aarch64.c > index 2bf1f9a..100e0c3 100644 > --- a/gcc/config/aarch64/driver-aarch64.c > +++ b/gcc/config/aarch64/driver-aarch64.c > @@ -178,7 +178,6 @@ host_detect_local_cpu (int argc, const char **argv) > unsigned int variants[2] = { ALL_VARIANTS, ALL_VARIANTS }; > unsigned int n_variants = 0; > bool processed_exts = false; > - const char *ext_string = ""; > unsigned long extension_flags = 0; > unsigned long default_flags = 0; 
> > @@ -348,11 +347,12 @@ host_detect_local_cpu (int argc, const char **argv) > if (tune) > return res; > > - ext_string > - = aarch64_get_extension_string_for_isa_flags (extension_flags, > - default_flags).c_str (); > - > - res = concat (res, ext_string, NULL); > + { > + std::string extension > + = aarch64_get_extension_string_for_isa_flags (extension_flags, > + default_flags); > + res = concat (res, extension.c_str (), NULL); > + } > > return res; > >
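The lifetime rule behind the use-after-free described in the quoted message above, as an added example that is not part of the patch or of GCC. `Tracked` is a hypothetical instrumented stand-in for `std::string`, `get_extension_string` stands in for `aarch64_get_extension_string_for_isa_flags`, and the string values are constructed; the code counts live objects at the point of use, so the dangling pointer is never dereferenced.

```cpp
#include <string>

// Hypothetical instrumented stand-in for std::string: counts live instances
// so the lifetime of a temporary can be observed without reading freed memory.
struct Tracked {
  static int live;
  std::string s;
  explicit Tracked(const char *p) : s(p) { ++live; }
  Tracked(const Tracked &o) : s(o.s) { ++live; }
  ~Tracked() { --live; }
  const char *c_str() const { return s.c_str(); }
};
int Tracked::live = 0;

// Hypothetical stand-in for aarch64_get_extension_string_for_isa_flags:
// returns its result by value. The extension list is a constructed sample.
Tracked get_extension_string() { return Tracked("+crc+crypto"); }

// Pre-patch shape: c_str() is called on the returned temporary and the
// pointer is kept for a later statement. Returns the number of Tracked
// objects still alive at the point where the pointer would be used.
int live_at_use_before_patch() {
  const char *ext = get_extension_string().c_str();
  // The temporary was destroyed at the end of the statement above,
  // so ext no longer points at owned storage.
  (void) ext;  // deliberately never dereferenced
  return Tracked::live;
}

// Post-patch shape: a named local owns the buffer until the copy is done.
// Returns the number of live owners at the point of use and stores the
// concatenated result in out. "armv8-a" is a constructed prefix.
int live_at_use_after_patch(std::string &out) {
  Tracked extension = get_extension_string();
  out = std::string("armv8-a") + extension.c_str();  // owner still alive
  return Tracked::live;
}
```
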
diff --git a/gcc/config/aarch64/driver-aarch64.c b/gcc/config/aarch64/driver-aarch64.c index 2bf1f9a..100e0c3 100644 --- a/gcc/config/aarch64/driver-aarch64.c +++ b/gcc/config/aarch64/driver-aarch64.c @@ -178,7 +178,6 @@ host_detect_local_cpu (int argc, const char **argv) unsigned int variants[2] = { ALL_VARIANTS, ALL_VARIANTS }; unsigned int n_variants = 0; bool processed_exts = false; - const char *ext_string = ""; unsigned long extension_flags = 0; unsigned long default_flags = 0; @@ -348,11 +347,12 @@ host_detect_local_cpu (int argc, const char **argv) if (tune) return res; - ext_string - = aarch64_get_extension_string_for_isa_flags (extension_flags, - default_flags).c_str (); - - res = concat (res, ext_string, NULL); + { + std::string extension + = aarch64_get_extension_string_for_isa_flags (extension_flags, + default_flags); + res = concat (res, extension.c_str (), NULL); + } return res;
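Review bot: the new block around `std::string extension` in the second hunk (@@ -348,11 +347,12) carries no comment saying why the result is bound to a named local before `c_str ()` is called, so a later cleanup could fold it back into `aarch64_get_extension_string_for_isa_flags (...).c_str ()` and reintroduce the dangling pointer. A one-line comment stating that the string must stay alive until `concat` has copied it would document the constraint. The extra braces are also not needed for lifetime purposes, since `return res;` follows directly and the local would be destroyed there anyway; either drop them or let the comment explain that they are there to keep the scope tight.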