From patchwork Mon Nov 25 09:58:47 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Marek Polacek <polacek@redhat.com>
X-Patchwork-Id: 293871
Return-Path: 
 <gcc-patches-return-356071-incoming=patchwork.ozlabs.org@gcc.gnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from sourceware.org (server1.sourceware.org [209.132.180.131])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 4A5EA2C00E3
	for <incoming@patchwork.ozlabs.org>;
	Mon, 25 Nov 2013 20:59:09 +1100 (EST)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:date
	:from:to:cc:subject:message-id:references:mime-version
	:content-type:in-reply-to; q=dns; s=default; b=SFpN0AQavQmixH0jl
	rba3bvIK8ngALi9MfgsXkBNOxmXeYydrR2vBqAok3iKoiOimwp2TtNJ3qDU+hKMj
	AoK4KBuexUgVrdjCDmu3YB3DleyOMPOwF1vl8Si+nTnw2fuIHBthKspeJkvHIkaX
	DFYedTdUongWZnhA76VlfTHpT4=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:date
	:from:to:cc:subject:message-id:references:mime-version
	:content-type:in-reply-to; s=default; bh=E3ubKfSWq2AcyyVLk9vTqcE
	+uhI=; b=Cgd/5+OcJ9eHs2XGKUDBr7R0hQyUQf3Ssxj86msQy21zTOgtpxmU/OB
	qE23rNoC28PhXdgrTlVhpWquHEX7AIubYu6mqaDcU9b1h+AHSTmUCRiq3zoHJV47
	aVnZdhdL5eSiA5PJ4L0/np1IL31aXw+FXRnHMhfftaIWJVjzbKyg=
Received: (qmail 15060 invoked by alias); 25 Nov 2013 09:59:00 -0000
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <mailto:gcc-patches-unsubscribe-##L=##H@gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-help@gcc.gnu.org>
Sender: gcc-patches-owner@gcc.gnu.org
Delivered-To: mailing list gcc-patches@gcc.gnu.org
Received: (qmail 15051 invoked by uid 89); 25 Nov 2013 09:58:59 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.5 required=5.0 tests=AWL, BAYES_50,
	RDNS_NONE, SPF_HELO_PASS, SPF_PASS autolearn=no version=3.3.2
X-HELO: mx1.redhat.com
Received: from Unknown (HELO mx1.redhat.com) (209.132.183.28) by
	sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP;
	Mon, 25 Nov 2013 09:58:58 +0000
Received: from int-mx11.intmail.prod.int.phx2.redhat.com
	(int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24])	by
	mx1.redhat.com (8.14.4/8.14.4) with ESMTP id
	rAP9wp1K016695	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA
	bits=256 verify=OK)	for <gcc-patches@gcc.gnu.org>;
	Mon, 25 Nov 2013 04:58:51 -0500
Received: from redhat.com (ovpn-116-18.ams2.redhat.com [10.36.116.18])	by
	int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4)
	with ESMTP id rAP9wmsi011348	(version=TLSv1/SSLv3
	cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
	Mon, 25 Nov 2013 04:58:50 -0500
Date: Mon, 25 Nov 2013 10:58:47 +0100
From: Marek Polacek <polacek@redhat.com>
To: Jakub Jelinek <jakub@redhat.com>
Cc: GCC Patches <gcc-patches@gcc.gnu.org>
Subject: Re: [PATCH] Prevent out-of-bounds access (PR sanitizer/59258)
Message-ID: <20131125095847.GM30062@redhat.com>
References: <20131125092700.GK30062@redhat.com>
	<20131125093600.GT892@tucnak.redhat.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20131125093600.GT892@tucnak.redhat.com>
User-Agent: Mutt/1.5.20 (2009-06-14)

On Mon, Nov 25, 2013 at 10:36:00AM +0100, Jakub Jelinek wrote:
> On Mon, Nov 25, 2013 at 10:27:00AM +0100, Marek Polacek wrote:
> > This fixes a thinko of mine: when I added another two elements to the
> > ubsan data structure, I forgot to increase the size of the array.
> > 
> > Alternatively, I could use an alloca for this (VLAs issue a warning
> > in C++03 and are thus no-go :().
> > 
> > I don't have a simple testcase for this.  Valgrind/asan would be
> > needed.
> > 
> > Ran the testsuite.  Ok for trunk?
> > 
> > 2013-11-25  Marek Polacek  <polacek@redhat.com>
> > 
> > 	* ubsan.c (ubsan_create_data): Increase the size of the fields array.
> 
> Ok, but can you also fix up formatting in the function:
> 
>       /* We have to add two more decls.  */
>       fields[i] = build_decl (UNKNOWN_LOCATION, FIELD_DECL, NULL_TREE,
>                                 pointer_sized_int_node);
> the above line is indented too much... .

I'll commit the following then.

2013-11-25  Marek Polacek  <polacek@redhat.com>

	* ubsan.c (ubsan_create_data): Increase the size of the fields array.


	Marek

--- gcc/ubsan.c.mp3	2013-11-25 10:46:48.488069505 +0100
+++ gcc/ubsan.c	2013-11-25 10:47:09.646145804 +0100
@@ -387,7 +387,7 @@ ubsan_create_data (const char *name, loc
 {
   va_list args;
   tree ret, t;
-  tree fields[3];
+  tree fields[5];
   vec<tree, va_gc> *saved_args = NULL;
   size_t i = 0;
 
@@ -425,7 +425,7 @@ ubsan_create_data (const char *name, loc
     {
       /* We have to add two more decls.  */
       fields[i] = build_decl (UNKNOWN_LOCATION, FIELD_DECL, NULL_TREE,
-				pointer_sized_int_node);
+			      pointer_sized_int_node);
       DECL_CONTEXT (fields[i]) = ret;
       DECL_CHAIN (fields[i - 1]) = fields[i];
       i++;