diff mbox series

[8/9/10/11,Regression] PR fortran/95689 - ICE in check_sym_interfaces, at fortran/interface.c:2015

Message ID trinity-157004fc-dcd4-421f-8808-1c4aaf040c52-1592254075519@3c-app-gmx-bs33
State New

Commit Message

Harald Anlauf June 15, 2020, 8:47 p.m. UTC
YABRBG (Yet another bug report by Gerhard).

Sigh.  Another buffer overflow.

We extend the buffer and now check for overflow.

Regtested on x86_64-pc-linux-gnu.

OK for master?  Backports where possible?

Thanks,
Harald



PR fortran/95689 - ICE in check_sym_interfaces, at fortran/interface.c:2015

With submodules, name mangling of interfaces may result in long internal
symbols overflowing an internal buffer.  We now check that we do not
exceed the enlarged buffer size.

gcc/fortran/
	PR fortran/95689
	* class.c (get_unique_type_string): Enlarge temporary buffer, and
	add check on length on mangled name to prevent overflow.

Comments

Harald Anlauf June 15, 2020, 9:29 p.m. UTC | #1
Copy&paste error on the git commit message:

> gcc/fortran/
> 	PR fortran/95689
> 	* class.c (get_unique_type_string): Enlarge temporary buffer, and
> 	add check on length on mangled name to prevent overflow.

This should have been:

gcc/fortran/
	PR fortran/95689
	* interface.c (check_sym_interfaces): Enlarge temporary buffer,
	and add check on length on mangled name to prevent overflow.

Sorry for that.

Harald

Patch

diff --git a/gcc/fortran/interface.c b/gcc/fortran/interface.c
index f33c6632b45..b1a75a37b0e 100644
--- a/gcc/fortran/interface.c
+++ b/gcc/fortran/interface.c
@@ -1981,7 +1981,8 @@  check_interface1 (gfc_interface *p, gfc_interface *q0,
 static void
 check_sym_interfaces (gfc_symbol *sym)
 {
-  char interface_name[GFC_MAX_SYMBOL_LEN + sizeof("generic interface ''")];
+  /* Provide sufficient space to hold "generic interface 'symbol.symbol'".  */
+  char interface_name[2*GFC_MAX_SYMBOL_LEN+2 + sizeof("generic interface ''")];
   gfc_interface *p;

   if (sym->ns != gfc_current_ns)
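Review bot: The size expression on the interface_name declaration adds 2 to 2*GFC_MAX_SYMBOL_LEN, but the 'symbol.symbol' form named in the comment needs only one separator byte, and sizeof("generic interface ''") already counts the terminating NUL, so the second byte is unexplained. Either say in the comment what it covers, or derive the size from a named constant for the longest mangled name, so that a later change to the mangling scheme does not silently outgrow this stack buffer again.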
@@ -1989,6 +1990,8 @@  check_sym_interfaces (gfc_symbol *sym)

   if (sym->generic != NULL)
     {
+      size_t len = strlen (sym->name) + sizeof("generic interface ''");
+      gcc_assert (len < sizeof (interface_name));
       sprintf (interface_name, "generic interface '%s'", sym->name);
       if (check_interface0 (sym->generic, interface_name))
 	return;
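Review bot: The sprintf into interface_name is still unbounded, so the only thing between an unexpectedly long sym->name and a stack overwrite is the gcc_assert on the line before it; in any build where that assertion is not active the overflow is back. Writing with snprintf (interface_name, sizeof (interface_name), ...) would bound the copy itself and make the guard independent of the assertion. Two smaller points: len already includes the NUL through sizeof, so len < sizeof (interface_name) rejects a name that would fit exactly (len <= sizeof (interface_name) is the precise bound, though the current form errs on the safe side), and a name that does trip the check still ends in an ICE rather than a diagnostic.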
diff --git a/gcc/testsuite/gfortran.dg/pr95689.f90 b/gcc/testsuite/gfortran.dg/pr95689.f90
new file mode 100644
index 00000000000..287ae50b0cb
--- /dev/null
+++ b/gcc/testsuite/gfortran.dg/pr95689.f90
@@ -0,0 +1,16 @@ 
+! { dg-do compile }
+! { dg-options "-fsecond-underscore" }
+! PR fortran/95689 - ICE in check_sym_interfaces, at fortran/interface.c:2015
+
+module m2345678901234567890123456789012345678901234567890123456789_123
+  type t2345678901234567890123456789012345678901234567890123456789_123
+   end type
+   interface
+      module subroutine s2345678901234567890123456789012345678901234567890123456789_123 &
+                       (x2345678901234567890123456789012345678901234567890123456789_123)
+      end
+   end interface
+end
+submodule(m2345678901234567890123456789012345678901234567890123456789_123) &
+          t2345678901234567890123456789012345678901234567890123456789_123
+end
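Review bot: The new test does not say why -fsecond-underscore is required or that the 63-character module, type, procedure and submodule names are what push the mangled interface name past the old buffer. A one-line comment after the PR line stating this would tell whoever next changes the buffer size or the mangling what the test is guarding.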