From patchwork Mon Dec 21 09:18:03 2020
X-Patchwork-Submitter: Jakub Jelinek
X-Patchwork-Id: 1418942
Date: Mon, 21 Dec 2020 10:18:03 +0100
To: gcc-patches@gcc.gnu.org
Subject: [committed] fold-const: Fix up a buffer overflow in native_encode_initializer [PR98407]
Message-ID: <20201221091803.GF3788@tucnak>
From: Jakub Jelinek
Reply-To: Jakub Jelinek

Hi!

For flexible array members we need to incrementally clear just from
ptr + total_bytes up to new ptr + total_bytes, but memset has been called
with the length from ptr, so was missing - total_bytes.
Additionally, in this code off is guaranteed to be -1 and thus o 0, so
don't bother pretending we could handle anything else, it would be more
complicated than that.

Sorry for this brown paper bug, tested on x86_64-linux, committed to trunk
as obvious.

2020-12-21  Jakub Jelinek

	PR tree-optimization/98407
	* fold-const.c (native_encode_initializer): When handling flexible
	array members, fix up computation of length for memset.  Also remove
	" - o" as o is always guaranteed to be 0 in this code path.

	* gcc.c-torture/compile/pr98407.c: New test.

	Jakub

--- gcc/fold-const.c.jj 2020-12-19 22:24:03.945714395 +0100 +++ gcc/fold-const.c 2020-12-21 09:59:59.715313469 +0100 @@ -8280,9 +8280,9 @@ native_encode_initializer (tree init, un return 0; if (pos + fieldsize > total_bytes) { - if (ptr != NULL && total_bytes - o < len) - memset (ptr + (total_bytes - o), - '\0', MIN (pos + fieldsize - o, len)); + if (ptr != NULL && total_bytes < len) + memset (ptr + total_bytes, '\0', + MIN (pos + fieldsize, len) - total_bytes); total_bytes = pos + fieldsize; } } --- gcc/testsuite/gcc.c-torture/compile/pr98407.c.jj 2020-12-21 10:05:11.824717082 +0100 +++ gcc/testsuite/gcc.c-torture/compile/pr98407.c 2020-12-21 10:04:54.267919387 +0100 @@ -0,0 +1,10 @@ +/* PR tree-optimization/98407 */ + +struct S { int a; int b[]; }; +const struct S c = { 0, { 0 } }, d = { 0, { 0 } }; + +int +foo (void) +{ + return __builtin_memcmp (&c, &d, sizeof d); +}
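Review bot: in the fold-const.c hunk, the new guard `total_bytes < len` is the only thing that keeps the memset length `MIN (pos + fieldsize, len) - total_bytes` non-negative, and that dependency is not visible from the memset line itself; the old expression measured the length from ptr while the store starts at ptr + total_bytes, which is exactly how the write ran up to total_bytes bytes past len. A one-line comment above the memset saying that the length is the remaining room from total_bytes up to MIN (pos + fieldsize, len) would stop a later edit from reintroducing the mismatch. The ChangeLog states that o is always 0 on this path, but nothing in the hunk enforces it; a gcc_checking_assert (o == 0) next to the memset would document that assumption where the code relies on it.

Review bot: the pr98407.c hunk lives under gcc.c-torture/compile, so it only checks that foo compiles and catches the out-of-bounds memset only when the compiler itself runs under a checking allocator or sanitizer; consider an execute variant as well that asserts foo () == 0, so the folded memcmp result is verified in addition to the absence of a crash. The initializer { 0, { 0 } } stores one element into the flexible array member b, so the encoded data extends past sizeof d, which is the pos + fieldsize > total_bytes case the fix targets; a short comment stating that would make the intent of the test clearer to the next reader.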