gfortran: Fix allocation of diagnostic string (was too small).

Message ID 20160726154213.GA5371@linux.vnet.ibm.com
State New

Commit Message

Dominik Vogt July 26, 2016, 3:42 p.m. UTC
The attached patch fixes an out of bound write to memory allocated
with alloca() on the stack.  This rarely ever happened because on
one hand -fbounds-check needs to be enabled, and on the other hand
alloca() used to allocate a few bytes extra most of the time so
most of the time the excess write did no harm.

Ciao

Dominik ^_^  ^_^

Comments

Janne Blomqvist July 26, 2016, 5:05 p.m. UTC | #1
On Tue, Jul 26, 2016 at 6:42 PM, Dominik Vogt <vogt@linux.vnet.ibm.com> wrote:
> The attached patch fixes an out of bound write to memory allocated
> with alloca() on the stack.  This rarely ever happened because on
> one hand -fbounds-check needs to be enabled, and on the other hand
> alloca() used to allocate a few bytes extra most of the time so
> most of the time the excess write did no harm.

Ok for trunk, thanks.

Andreas Krebbel July 29, 2016, 8:04 a.m. UTC | #2
On 07/26/2016 05:42 PM, Dominik Vogt wrote:
> gcc/fortran/ChangeLog
> 
> 	* trans-array.c (gfc_conv_array_ref): Fix allocation of diagnostic
> 	message (was too small).

Applied.  Thanks!

-Andreas-
Patch

diff --git a/gcc/fortran/trans-array.c b/gcc/fortran/trans-array.c
index e95c8dd..7572755 100644
--- a/gcc/fortran/trans-array.c
+++ b/gcc/fortran/trans-array.c
@@ -3332,7 +3332,7 @@  gfc_conv_array_ref (gfc_se * se, gfc_array_ref * ar, gfc_expr *expr,
 	  if (ref->type == REF_ARRAY && &ref->u.ar == ar)
 	    break;
 	  if (ref->type == REF_COMPONENT)
-	    len += 1 + strlen (ref->u.c.component->name);
+	    len += 2 + strlen (ref->u.c.component->name);
 	}
 
       var_name = XALLOCAVEC (char, len);
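
Review bot: the `2` on the changed `len += 2 + strlen (ref->u.c.component->name);` line is an unexplained constant, and the hunk does not show the code that later writes into `var_name`, so nothing visible here ties the per-component allowance to what is actually written for each REF_COMPONENT. Please add a short comment naming what the two extra bytes hold, or better, derive the allowance from the same separator string the fill code uses, so the sizing loop and the writing loop cannot drift apart again. Because `var_name` comes from `XALLOCAVEC (char, len)`, an undercount lands on the stack with no allocator check to catch it; since the commit message says the overflow needs -fbounds-check to trigger, a testsuite case with several component references compiled with that option would keep this from regressing.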