X-Patchwork-Submitter: Aldy Hernandez
X-Patchwork-Id: 1534662
To: GCC patches
Subject: [PATCH] Plug possible snprintf overflow in lto-wrapper.
Date: Thu, 30 Sep 2021 08:16:30 +0200
Message-Id: <20210930061630.1285483-1-aldyh@redhat.com>
From: Aldy Hernandez

My upcoming improvements to the DOM threader triggered a warning in this code. It looks like the format string is ".ltrans%u.ltrans", but we're only writing a max of ".ltrans" + whatever the MAX_INT is here.

Tested on x86-64 Linux.

OK?

gcc/ChangeLog:

* lto-wrapper.c (run_gcc): Plug snprintf overflow.

---
 gcc/lto-wrapper.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/gcc/lto-wrapper.c b/gcc/lto-wrapper.c index 903c258a03a..7b9e4883f38 100644 --- a/gcc/lto-wrapper.c +++ b/gcc/lto-wrapper.c @@ -1983,7 +1983,9 @@ cont: output_name = XOBFINISH (&env_obstack, char *); /* Adjust the dumpbase if the linker output file was seen. */ - int dumpbase_len = (strlen (dumppfx) + sizeof (DUMPBASE_SUFFIX)); + int dumpbase_len = (strlen (dumppfx) + + sizeof (DUMPBASE_SUFFIX) + + sizeof (".ltrans")); char *dumpbase = (char *) xmalloc (dumpbase_len + 1); snprintf (dumpbase, dumpbase_len, "%sltrans%u.ltrans", dumppfx, i); argv_ptr[0] = dumpbase; 
@@ -2009,9 +2011,11 @@ cont: } else { - char argsuffix[sizeof (DUMPBASE_SUFFIX) + 1]; + char argsuffix[sizeof (DUMPBASE_SUFFIX) + + sizeof (".ltrans_args") + 1]; if (save_temps) - snprintf (argsuffix, sizeof (DUMPBASE_SUFFIX), + snprintf (argsuffix, + sizeof (DUMPBASE_SUFFIX) + sizeof (".ltrans_args"), "ltrans%u.ltrans_args", i); fork_execute (new_argv[0], CONST_CAST (char **, new_argv), true, save_temps ? argsuffix : NULL);
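Review bot: in the first hunk (the `dumpbase_len` computation), the buffer size and the format string `"%sltrans%u.ltrans"` are still maintained separately and the return value of `snprintf` is not checked, so if the format or `DUMPBASE_SUFFIX` (defined outside the visible lines) changes again, truncation would be silent. Consider comparing the `snprintf` result against `dumpbase_len` and adding a one-line comment saying which term of the sum covers which part of the format. The sum of `strlen` and two `sizeof` values is also stored in an `int`; `size_t` would match the operands and the `xmalloc` and `snprintf` arguments.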
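Review bot: in the second hunk, the expression `sizeof (DUMPBASE_SUFFIX) + sizeof (".ltrans_args")` is now written out twice, once (plus 1) as the size of the `argsuffix` array and once as the `snprintf` bound, so the two can drift apart on the next edit. Passing `sizeof (argsuffix)` as the bound would keep a single source for the size; as written the bound is one byte smaller than the array, which is safe but leaves the extra `+ 1` unused.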