> That is detecting it after the buffer overflow has happened already, that is
> too late, after UB anything can happen.
> + {
> + const char *upper = gfc_dt_upper_string (derived->name);
> + size_t len = strnlen (upper, sizeof (dt_name));
> + gcc_assert (len < sizeof (dt_name));
> + memcpy (dt_name, upper, len);
> + dt_name[len] = '\0';
> + }
> does detect it before overflowing it.
OK. Here's what I committed:
PR fortran/95090 - ICE: identifier overflow
Implement buffer overrun check for temporary that holds mangled names.
2020-05-30 Harald Anlauf <anl...@gmx.de>
gcc/fortran/
PR fortran/95090
* class.c (get_unique_type_string): Use buffer overrun check.
diff --git a/gcc/fortran/class.c b/gcc/fortran/class.c
index db395624a16..afd8885a1ea 100644
--- a/gcc/fortran/class.c
+++ b/gcc/fortran/class.c
@@ -484,7 +484,14 @@ get_unique_type_string (char *string, gfc_symbol *derived)
if (derived->attr.unlimited_polymorphic)
strcpy (dt_name, "STAR");
else
- strncpy (dt_name, gfc_dt_upper_string (derived->name), sizeof (dt_name));
+ {
+ const char *upper = gfc_dt_upper_string (derived->name);
+ size_t len = strnlen (upper, sizeof (dt_name));
+ if (len >= sizeof (dt_name))
+ gfc_internal_error ("get_unique_type_string: identifier overflow");
+ memcpy (dt_name, upper, len);
+ dt_name[len] = '\0';
+ }
if (derived->attr.unlimited_polymorphic)
sprintf (string, "_%s", dt_name);
else if (derived->module)
Harald
