diff mbox

Prevent out of bound access for multilib_options

Message ID CA+yXCZC-X8kM3dgaq9T5xfRqhwrTE3LySu3oUAc3L6gi4vZSsg@mail.gmail.com
State New
Headers show

Commit Message

Kito Cheng April 15, 2014, 8:30 a.m. UTC 
Hi Jakub:
Thanks your review and approve, however I don't have commit right yet,
 can you help me to commit it :)

And here is updated patch in attachment, thanks!

On Mon, Apr 14, 2014 at 8:12 PM, Jakub Jelinek <jakub@redhat.com> wrote:
> On Wed, Apr 09, 2014 at 10:00:38PM +0800, Kito Cheng wrote:
>> `q` will out of bound access if `*q` already reach the end of
>> multilib_options, so check it before increment to prevent condition
>> check part out of bound access.
>>
>> btw, this bug is detected by address sanitizer.
>>
>>
>> 2014-04-09  Kito Cheng  <kito@0xlab.org>
>>     * gcc.c (used_arg): Prevent out of bound access for multilib_options.
>
> There should be a newline between date/name/email line and
> * gcc.c ... and the * gcc.c line should be indented by tab.
>
>> diff --git a/gcc/gcc.c b/gcc/gcc.c
>> index 5cb485a..c8ab7d6 100644
>> --- a/gcc/gcc.c
>> +++ b/gcc/gcc.c
>> @@ -7490,7 +7490,7 @@ used_arg (const char *p, int len)
>>         {
>>           const char *r;
>>
>> -         for (q = multilib_options; *q != '\0'; q++)
>> +         for (q = multilib_options; *q != '\0'; *q && q++)
>>             {
>>               while (*q == ' ')
>>                 q++;
>
> Ok for trunk and 4.9.1.
>
>         Jakub
diff mbox

Patch

diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index 2fbdb01..f161c8a 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,7 @@ 
+2014-04-15  Kito Cheng  <kito@0xlab.org>
+
+	* gcc.c (used_arg): Prevent out of bound access for multilib_options.
+
 2014-04-15  Jakub Jelinek  <jakub@redhat.com>
 
 	PR plugins/59335
diff --git a/gcc/gcc.c b/gcc/gcc.c
index 5cb485a..c8ab7d6 100644
--- a/gcc/gcc.c
+++ b/gcc/gcc.c
@@ -7490,7 +7490,7 @@  used_arg (const char *p, int len)
 	{
 	  const char *r;
 
-	  for (q = multilib_options; *q != '\0'; q++)
+	  for (q = multilib_options; *q != '\0'; *q && q++)
 	    {
 	      while (*q == ' ')
 		q++;