From patchwork Sat May 4 19:43:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Damianov X-Patchwork-Id: 1931386 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=disroot.org header.i=@disroot.org header.a=rsa-sha256 header.s=mail header.b=Xy+gALi1; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gcc.gnu.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4VWynz3wsYz1yb7 for ; Sun, 5 May 2024 05:45:43 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 9ED043849ACE for ; Sat, 4 May 2024 19:45:41 +0000 (GMT) X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from layka.disroot.org (layka.disroot.org [178.21.23.139]) by sourceware.org (Postfix) with ESMTPS id BAC0E3858C53 for ; Sat, 4 May 2024 19:45:23 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org BAC0E3858C53 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=disroot.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=disroot.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org BAC0E3858C53 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=178.21.23.139 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1714851925; cv=none; b=Mtyz0R43tC0ugSMKmLntnmG4KEctVEnEoyz5cT4FZs/Lr2dNfOlcoU9z/8oazWB0uTRuZ1ufOCJCw35ZY6u3/IkBd0pS7Psk6FsaNu95craJk9mdlSrA1IHw1LzSFwhVio6PBSCBL1pHH4fX30+xKlAcE9SDvmS5PoT/FgeXLAo= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1714851925; c=relaxed/simple; bh=MnYhhkHpJJ5nFg5sRPOofM7Ev0HFHUi9RXnDNK6QFDU=; h=From:DKIM-Signature:To:Subject:Date:Message-Id:MIME-Version; b=hnicy81GDV9AuRpDgoir6COD9OaeUneUGvJShDY8IF/8nn61BW0336AZ0MZAYgXn1keTe3z9VjXWAY2SBd2KdQYcoZVREbBD9xEjApskDiK+HrIP00QRafzX8U758JR8PeS1Edkw4gdUsYLKdPMCje7ilTaWSMmkdogPInVxiqM= ARC-Authentication-Results: i=1; server2.sourceware.org X-Virus-Scanned: SPAM Filter at disroot.org From: Peter Damianov DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1714851922; bh=MnYhhkHpJJ5nFg5sRPOofM7Ev0HFHUi9RXnDNK6QFDU=; h=From:To:Cc:Subject:Date; b=Xy+gALi1M3ZIH4oKk+Lg310kR8bL+G+aQWECXelmCGR4c7znDS4qKXv60CRBD2W1S NUaExnk4tXwXVeOvEMYQMLXY5vEF016ujt3HEtcP0mGZ1/IZp21ZtJU1+w5UqYAvnD O8Y+PdbLBXijtYUIBfBuaiLrKnmNYUTHcfCZFzJFeC55aEJ5qzdZWNWIc0/YJudgW7 772nIDNSgDI16AGsHcLOTgHfxRdOYzZv2Wg+WClpRzsrWdF5pmzizt7BEdymxpUSH5 e3luac0gPsYn3cOUcXWohaJtEGEXmkZqrtwq9ih0R6ltLtUARzEicwf8GcnxHZNSzc QI+cxkZMebq/g== To: gcc-patches@gcc.gnu.org Cc: Peter Damianov Subject: [PATCH v2] Driver: Reject output filenames with source file suffixes [PR80182] Date: Sat, 4 May 2024 12:43:27 -0700 Message-Id: <20240504194324.25058-1-peter0x44@disroot.org> MIME-Version: 1.0 X-Spam-Status: No, score=-11.9 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org Currently, commands like: gcc -o file.c -lm will delete the user's code. This patch checks the suffix of the output, and errors if the output ends in any of the suffixes listed in default_compilers. Unfortunately, I couldn't come up with a better heuristic to diagnose this case more specifically, so it is now not possible to directly make executables with said suffixes. I am unsure if any users are depending on this. PR driver/80182 * gcc.cc (process_command): fatal_error if the output has the suffix of a source file. (have_c): Change type to bool. (have_O): Change type to bool. (have_E): Change type to bool. (have_S): New global variable. (driver_handle_option): Assign have_S Signed-off-by: Peter Damianov --- v2: use strrchr instead of lrealpath and strchr gcc/gcc.cc | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/gcc/gcc.cc b/gcc/gcc.cc index 830a4700a87..1c4f7032091 100644 --- a/gcc/gcc.cc +++ b/gcc/gcc.cc @@ -2127,13 +2127,16 @@ static vec at_file_argbuf; static bool in_at_file = false; /* Were the options -c, -S or -E passed. */ -static int have_c = 0; +static bool have_c = false; /* Was the option -o passed. */ -static int have_o = 0; +static bool have_o = false; /* Was the option -E passed. */ -static int have_E = 0; +static bool have_E = false; + +/* Was the option -S passed. */ +static bool have_S = false; /* Pointer to output file name passed in with -o. */ static const char *output_file = 0; @@ -4593,6 +4596,10 @@ driver_handle_option (struct gcc_options *opts, have_E = true; break; + case OPT_S: + have_S = true; + break; + case OPT_x: spec_lang = arg; if (!strcmp (spec_lang, "none")) @@ -5058,6 +5065,21 @@ process_command (unsigned int decoded_options_count, output_file); } + /* Reject output file names that have the same suffix as a source + file. This is to catch mistakes like: gcc -o file.c -lm + that could delete the user's code. */ + if (have_o && output_file != NULL && !have_E && !have_S) + { + const char* suffix = strrchr(output_file, '.'); + if (suffix != NULL) + for (int i = 0; i < n_default_compilers; ++i) + if (!strcmp(suffix, default_compilers[i].suffix)) + fatal_error (input_location, + "output file suffix %qs could be a source file", + suffix); + } + + if (output_file != NULL && output_file[0] == '\0') fatal_error (input_location, "output filename may not be empty");