https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101997
--- Comment #4 from anlauf at gcc dot gnu.org ---

I have run the testcase under the debugger and the longest argument to sprintf I have found is

"m2345678901234567890123456789012345678901234567890123456789_123.n2345678901234567890123456789012345678901234567890123456789_123"

(gdb) p (int)strlen(derived->ns->proc_name->name)
$45 = 127

which is 2*GFC_MAX_SYMBOL_LEN+1, and I also do not see how dt_name would overflow. (GFC_MAX_SYMBOL_LEN is 63).

I've tentatively increased the buffers in question and run again under gdb but did not see that the checked string length in get_unique_hashed_string or gfc_hash_value would change anything.

Here's the simple modification I tried:

diff --git a/gcc/fortran/class.c b/gcc/fortran/class.c index 1a5bcfae3c0..e794a762d33 100644 --- a/gcc/fortran/class.c +++ b/gcc/fortran/class.c @@ -479,7 +479,7 @@ gfc_class_initializer (gfc_typespec *ts, gfc_expr *init_expr) static void get_unique_type_string (char *string, gfc_symbol *derived) { - char dt_name[GFC_MAX_SYMBOL_LEN+1]; + char dt_name[2*(GFC_MAX_SYMBOL_LEN+1)]; if (derived->attr.unlimited_polymorphic) strcpy (dt_name, "STAR"); else @@ -502,7 +502,7 @@ static void get_unique_hashed_string (char *string, gfc_symbol *derived) { /* Provide sufficient space to hold "symbol.symbol_symbol". */ - char tmp[3*GFC_MAX_SYMBOL_LEN+3]; + char tmp[4*(GFC_MAX_SYMBOL_LEN+1)]; get_unique_type_string (&tmp[0], derived); size_t len = strnlen (tmp, sizeof (tmp)); gcc_assert (len < sizeof (tmp)); @@ -527,7 +527,7 @@ gfc_hash_value (gfc_symbol *sym) { unsigned int hash = 0; /* Provide sufficient space to hold "symbol.symbol_symbol". */ - char c[3*GFC_MAX_SYMBOL_LEN+3]; + char c[4*(GFC_MAX_SYMBOL_LEN+1)]; int i, len; get_unique_type_string (&c[0], sym);
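
Review bot: In the first hunk (get_unique_type_string), the new size 2*(GFC_MAX_SYMBOL_LEN+1) for dt_name has no comment saying which strings it is meant to hold, unlike the tmp and c declarations in the later hunks. Please add one that names the components being counted. Since the function takes only `char *string` with no length, it would also help to bound the writes into dt_name with sizeof (dt_name) instead of relying on the array size alone; the visible strcpy of "STAR" is safe, but the else branch is the case the size has to cover.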
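
Review bot: In the second hunk (get_unique_hashed_string), the strnlen/gcc_assert pair runs only after get_unique_type_string has already written into tmp, so it can report an overrun of the local buffer but cannot prevent one. Enlarging tmp leaves that ordering unchanged. Consider passing sizeof (tmp) into get_unique_type_string and bounding the formatting there, keeping the assert as a secondary check.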
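
Review bot: In the third hunk (gfc_hash_value), the size 4*(GFC_MAX_SYMBOL_LEN+1) is written out a second time as a bare expression, matching tmp in get_unique_hashed_string only by convention, so the two buffers filled by get_unique_type_string can drift apart on the next change. Define one named constant for this buffer size and use it for both c and tmp. The comment above the declaration still describes "symbol.symbol_symbol", which no longer matches the new size and should be updated in both places.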