Another corner case of buffer overflows during name mangling found by
Gerhard. We now check that the new buffer sizes suffice.
The patch is on top of the patches for PRs 95687, 95688, 95689.
Regtested on x86_64-pc-linux-gnu.
OK for master / backports?
Thanks,
Harald
PR fortran/95707 - ICE in finish_equivalences, at fortran/trans-common.c:1319
With submodules and equivalence declarations, name mangling may result in
long internal symbols overflowing internal buffers. We now check that
we do not exceed the enlarged buffer sizes.
gcc/fortran/
PR fortran/95707
* gfortran.h (gfc_common_head): Enlarge buffer.
* trans-common.c (gfc_sym_mangled_common_id): Enlarge temporary
buffers, and add check on length on mangled name to prevent
overflow.
diff --git a/gcc/fortran/gfortran.h b/gcc/fortran/gfortran.h
index c12a8bef277..836e0b3063d 100644
--- a/gcc/fortran/gfortran.h
+++ b/gcc/fortran/gfortran.h
@@ -1677,8 +1677,8 @@ typedef struct gfc_common_head
char use_assoc, saved, threadprivate;
unsigned char omp_declare_target : 1;
unsigned char omp_declare_target_link : 1;
- /* Provide sufficient space to hold "symbol.eq.1234567890". */
- char name[GFC_MAX_SYMBOL_LEN + 1 + 14];
+ /* Provide sufficient space to hold "symbol.symbol.eq.1234567890". */
+ char name[2*GFC_MAX_SYMBOL_LEN + 1 + 14 + 1];
struct gfc_symbol *head;
const char* binding_label;
int is_bind_c;
diff --git a/gcc/fortran/trans-common.c b/gcc/fortran/trans-common.c
index 1acc336eacf..c6383fc2352 100644
--- a/gcc/fortran/trans-common.c
+++ b/gcc/fortran/trans-common.c
@@ -242,11 +242,13 @@ static tree
gfc_sym_mangled_common_id (gfc_common_head *com)
{
int has_underscore;
- /* Provide sufficient space to hold "symbol.eq.1234567890__". */
- char mangled_name[GFC_MAX_MANGLED_SYMBOL_LEN + 1 + 16];
- char name[GFC_MAX_SYMBOL_LEN + 1 + 16];
+ /* Provide sufficient space to hold "symbol.symbol.eq.1234567890__". */
+ char mangled_name[2*GFC_MAX_MANGLED_SYMBOL_LEN + 1 + 16 + 1];
+ char name[sizeof (mangled_name) - 2];
/* Get the name out of the common block pointer. */
+ size_t len = strlen (com->name);
+ gcc_assert (len < sizeof (name));
strcpy (name, com->name);
/* If we're suppose to do a bind(c). */
diff --git a/gcc/testsuite/gfortran.dg/pr95707.f90 b/gcc/testsuite/gfortran.dg/pr95707.f90
new file mode 100644
index 00000000000..3279a6320cf
--- /dev/null
+++ b/gcc/testsuite/gfortran.dg/pr95707.f90
@@ -0,0 +1,16 @@
+! { dg-do compile }
+! { dg-options "-fsecond-underscore" }
+! PR fortran/95707 - ICE in finish_equivalences, at fortran/trans-common.c:1319
+
+module m2345678901234567890123456789012345678901234567890123456789_123
+ interface
+ module subroutine s2345678901234567890123456789012345678901234567890123456789_123
+ end
+ end interface
+end
+submodule(m2345678901234567890123456789012345678901234567890123456789_123) &
+ n2345678901234567890123456789012345678901234567890123456789_123
+ real :: a(4), u(3,2)
+ real :: b(4), v(4,2)
+ equivalence (a(1),u(1,1)), (b(1),v(1,1))
+end
