On Sat, May 30, 2020 at 02:48:32PM +0200, Harald Anlauf wrote:
> I'd like to detect the situation that when somebody modifies name-mangling in
> a way that generates a buffer overrun during regtesting so that the temporaries
> to adjust are easier to find.
> 
> After thinking about your and H.J.'s suggestions, the shortest solution
> I came up with is:
> 
> diff --git a/gcc/fortran/class.c b/gcc/fortran/class.c
> index db395624a16..6d0924da2b8 100644
> --- a/gcc/fortran/class.c
> +++ b/gcc/fortran/class.c
> @@ -484,7 +484,12 @@ get_unique_type_string (char *string, gfc_symbol 
> *derived)
>    if (derived->attr.unlimited_polymorphic)
>      strcpy (dt_name, "STAR");
>    else
> -    strncpy (dt_name, gfc_dt_upper_string (derived->name), sizeof (dt_name));
> +    {
> +      dt_name[sizeof (dt_name)-1] = '\0';
> +      strcpy (dt_name, gfc_dt_upper_string (derived->name));
> +      if (dt_name[sizeof (dt_name)-1] != '\0')
> +       gfc_internal_error ("get_unique_type_string: identifier overflow");
> +    }
>    if (derived->attr.unlimited_polymorphic)
>      sprintf (string, "_%s", dt_name);
>    else if (derived->module)
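Review bot: the check at `if (dt_name[sizeof (dt_name)-1] != '\0')` is evaluated only after the preceding `strcpy (dt_name, gfc_dt_upper_string (derived->name))` has already written past the end of `dt_name` for an over-long name, so it can only report the overflow once the out-of-bounds write has happened, and it relies on that undefined write having clobbered the sentinel byte. Measure the name before copying instead, e.g. `size_t len = strnlen (upper, sizeof (dt_name));`, fail when `len >= sizeof (dt_name)`, and only then `memcpy` plus a terminator, so nothing is written when the identifier does not fit.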
> 
> That would have given me a useful error on x86_64.
> 
> Is this OK for master?

That is detecting it after the buffer overflow has happened already, that is
too late, after UB anything can happen.
+    {
+      const char *upper = gfc_dt_upper_string (derived->name);
+      size_t len = strnlen (upper, sizeof (dt_name));
+      gcc_assert (len < sizeof (dt_name));
+      memcpy (dt_name, upper, len);
+      dt_name[len] = '\0';
+    }
does detect it before overflowing it.

        Jakub
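An added example, not code from the gcc patch or from this thread, showing the difference the reply draws: a bounded copy in the style of the strnlen/memcpy fragment beside a check of what the original strncpy line leaves behind when a name does not fit. The buffer size and the type names are constructed for this example.

```c
/* Added example (not part of the gcc patch or the thread). */
#define _POSIX_C_SOURCE 200809L   /* strnlen is POSIX, not ISO C */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define DT_NAME_LEN 8   /* constructed: small so the over-long case is easy to hit */

/* Bounded copy in the style of the reply: measure first, copy only if it fits.
   Returns 1 when src was copied and NUL-terminated, 0 when it would overflow;
   in the overflow case dst is left untouched. strnlen is bounded by dstsize,
   so an over-long src is neither read beyond dstsize bytes nor written at all. */
int copy_identifier (char *dst, size_t dstsize, const char *src)
{
  size_t len = strnlen (src, dstsize);
  if (len >= dstsize)      /* no room left for the terminator */
    return 0;
  memcpy (dst, src, len);
  dst[len] = '\0';
  return 1;
}

/* Mirrors the original strncpy line: reports whether strncpy left a NUL
   inside the first dstsize bytes. For a src of length >= dstsize strncpy
   fills every byte and writes no terminator, so a later strlen/sprintf on
   the buffer would read past its end. Returns -1 if dstsize is too large
   for the local buffer. */
int strncpy_leaves_terminator (size_t dstsize, const char *src)
{
  char buf[DT_NAME_LEN];
  if (dstsize > sizeof buf)
    return -1;
  strncpy (buf, src, dstsize);
  return memchr (buf, '\0', dstsize) != NULL;
}

int main (void)
{
  char dt_name[DT_NAME_LEN];
  const char *names[] = { "STAR", "Mytype", "Verylongtypename" };  /* constructed */
  for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
    {
      int fits = copy_identifier (dt_name, sizeof dt_name, names[i]);
      printf ("%-18s fits=%d strncpy_terminated=%d\n", names[i], fits,
              strncpy_leaves_terminator (sizeof dt_name, names[i]));
    }
  return 0;
}
```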
