From patchwork Fri Apr  1 17:00:09 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: =?utf-8?q?Marcel_B=C3=B6hme?= <boehme.marcel@gmail.com>
X-Patchwork-Id: 604936
Return-Path: 
 <gcc-patches-return-424231-incoming=patchwork.ozlabs.org@gcc.gnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from sourceware.org (server1.sourceware.org [209.132.180.131])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3qc71653hWz9sBm
	for <incoming@patchwork.ozlabs.org>;
	Sat,  2 Apr 2016 04:00:25 +1100 (AEDT)
Authentication-Results: ozlabs.org; dkim=pass (1024-bit key;
	unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org
	header.b=SHRMxL3W; dkim-atps=neutral
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender
	:content-type:mime-version:subject:from:in-reply-to:date:cc
	:content-transfer-encoding:message-id:references:to; q=dns; s=
	default; b=ZbzJ2eo5OaQe+nU1Ns3h7Z94fbonHny+3rt2tGC6uJsslvN+80DqJ
	AHSad13GiAXSmQ0fHje+vqey47aGp6ftk2TpAGbixa7Ilopg/ZV5ayXlrkWtRC0Q
	lnGdxWarC+Sq9MkuD4K62xFDo4DpWN/u18Fb+oWbrwKISEwlGccVF8=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender
	:content-type:mime-version:subject:from:in-reply-to:date:cc
	:content-transfer-encoding:message-id:references:to; s=default;
	bh=vSaipTkgKoG4nsLY525PddqE7QA=; b=SHRMxL3W8xZ7vyWB7qmYRMznJ9Pm
	U5lyiyuNyNVUPgsCShB8QIggcBf2Nm6UCLb1FogR0NHsTvisu9XAa5EfOoN9fh8t
	JLoJEkLL9+aaNurC9M7EFpzVThQq5LTXcktHYTamnp885OQ7OEB2QIVw8Na/K8xd
	w/ltHMz7+Apl0zs=
Received: (qmail 32016 invoked by alias); 1 Apr 2016 17:00:18 -0000
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-patches.gcc.gnu.org>
List-Unsubscribe: 
 <mailto:gcc-patches-unsubscribe-incoming=patchwork.ozlabs.org@gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-help@gcc.gnu.org>
Sender: gcc-patches-owner@gcc.gnu.org
Delivered-To: mailing list gcc-patches@gcc.gnu.org
Received: (qmail 31992 invoked by uid 89); 1 Apr 2016 17:00:16 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-2.3 required=5.0 tests=AWL, BAYES_00,
	FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,
	SPF_PASS autolearn=ham version=3.3.2 spammy=HMime-Version:3124,
	HMime-Version:9.3, our, Checked
X-HELO: mail-pf0-f182.google.com
Received: from mail-pf0-f182.google.com (HELO mail-pf0-f182.google.com)
	(209.85.192.182) by sourceware.org
	(qpsmtpd/0.93/v0.84-503-g423c35a) with (AES128-GCM-SHA256
	encrypted) ESMTPS; Fri, 01 Apr 2016 17:00:14 +0000
Received: by mail-pf0-f182.google.com with SMTP id 4so95402278pfd.0 for
	<gcc-patches@gcc.gnu.org>; Fri, 01 Apr 2016 10:00:14 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net;
	s=20130820;
	h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
	:content-transfer-encoding:message-id:references:to;
	bh=SCjXNPb8kevLJe8o6QVje4KKhgYV3RpJuR2zpwN4aLo=;
	b=Kizg6DZI+2pTI6tYXN5eaaTd/BYLv1GzGsMD3qpbvmGxvgqIcMf32EhhB7ysZtB9nZ
	3Px4BOQoxYYUdH3XDvVZR7zDibVWWnOWi3WbPvnQuMAtRTxYrorpaGChKWZ7ApKhatm/
	yn92KmdJlENiElAsh4lgo7Tv317nwTFKwWzW81XUISJA15Qbh2KdlPwV3dZQYiEC74JM
	BcTxJ8/As+4mz8olts+M4slWcerJ2lsJpXbE7glGN+PfIXMpCqs/I4IfLNdJs/KKKTtc
	WXRnDvUKwYqaYDBv1J6im5dq+3q2sibZeOzOqAnme72FDZU74lUIbf0YBpUrMfjobZDs
	Xg7A==
X-Gm-Message-State: 
 AD7BkJJ9Ycb5lZiyTsbPgFPYYt2LDMFWoRDh3oG5WZf5QhJvzsnPCzKwPCfnUw03PjYZJQ==
X-Received: by 10.98.34.216 with SMTP id p85mr71133pfj.45.1459530013168;
	Fri, 01 Apr 2016 10:00:13 -0700 (PDT)
Received: from [192.168.0.129] ([116.87.35.237]) by smtp.gmail.com with
	ESMTPSA id d19sm21175566pfj.92.2016.04.01.10.00.11
	(version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Fri, 01 Apr 2016 10:00:12 -0700 (PDT)
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Subject: Re: Proposed Patch for Bug 69687
From: =?windows-1252?Q?Marcel_B=F6hme?= <boehme.marcel@gmail.com>
In-Reply-To: <56FE8068.2070506@redhat.com>
Date: Sat, 2 Apr 2016 01:00:09 +0800
Cc: Mike Stump <mikestump@comcast.net>, gcc-patches@gcc.gnu.org
Message-Id: <49B60A75-7FA7-4202-8D10-EEB8674A5560@gmail.com>
References: <EA6F36C4-86FE-4018-8CB0-D0F314C1528D@gmail.com>
	<EBBC24E4-04F9-4A8F-9A5D-801BFF9009EF@comcast.net>
	<66021953-4407-44D7-B252-0D2D685CF235@gmail.com>
	<56FA7396.7060507@redhat.com>
	<42533159-9D5B-476F-A209-44C81C2B9AA0@gmail.com>
	<56FE8068.2070506@redhat.com>
To: Bernd Schmidt <bschmidt@redhat.com>

> 
> Forgot about this issue, sorry. At least this needs guarding with #ifdef HAVE_LIMITS_H, as in the other files in libiberty. Several of them also go to trouble to define the macros if limits.h is missing; not sure how much of an issue that is nowadays, but you might want to adapt something like the code from strtol.c:
> 
> #ifndef ULONG_MAX
> #define ULONG_MAX       ((unsigned long)(~0L))          /* 0xFFFFFFFF */
> #endif
> 
> #ifndef LONG_MAX
> #define LONG_MAX        ((long)(ULONG_MAX >> 1))        /* 0x7FFFFFFF */
> #endif
> 
> Mind trying that and doing a full test run as described in my other mail?

Regression tested on x86_64-pc-linux-gnu (make check). Checked PR69687 is resolved (via binutils); even for our definition of INT_MAX.
No test cases added since the test would take up to 2 minutes and end in xmalloc_failed even in the successful case.

Thanks,
- Marcel

Index: libiberty/cplus-dem.c
===================================================================
--- libiberty/cplus-dem.c	(revision 234663)
+++ libiberty/cplus-dem.c	(working copy)
@@ -56,6 +56,13 @@ void * malloc ();
 void * realloc ();
 #endif
 
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+#ifndef INT_MAX
+# define INT_MAX       (int)(((unsigned int) ~0) >> 1)          /* 0x7FFFFFFF */ 
+#endif
+
 #include <demangle.h>
 #undef CURRENT_DEMANGLING_STYLE
 #define CURRENT_DEMANGLING_STYLE work->options
@@ -4256,6 +4263,8 @@ remember_type (struct work_stuff *work,
 	}
       else
 	{
+          if (work -> typevec_size > INT_MAX / 2)
+	    xmalloc_failed (INT_MAX);
 	  work -> typevec_size *= 2;
 	  work -> typevec
 	    = XRESIZEVEC (char *, work->typevec, work->typevec_size);
@@ -4283,6 +4292,8 @@ remember_Ktype (struct work_stuff *work,
 	}
       else
 	{
+          if (work -> ksize > INT_MAX / 2)
+	    xmalloc_failed (INT_MAX);
 	  work -> ksize *= 2;
 	  work -> ktypevec
 	    = XRESIZEVEC (char *, work->ktypevec, work->ksize);
@@ -4312,6 +4323,8 @@ register_Btype (struct work_stuff *work)
 	}
       else
 	{
+          if (work -> bsize > INT_MAX / 2)
+	    xmalloc_failed (INT_MAX);
 	  work -> bsize *= 2;
 	  work -> btypevec
 	    = XRESIZEVEC (char *, work->btypevec, work->bsize);
@@ -4766,6 +4779,8 @@ string_need (string *s, int n)
   else if (s->e - s->p < n)
     {
       tem = s->p - s->b;
+      if (n > INT_MAX / 2 - tem)
+        xmalloc_failed (INT_MAX); 
       n += tem;
       n *= 2;
       s->b = XRESIZEVEC (char, s->b, n);