Alex Coplan via Gcc-patches <gcc-patches@gcc.gnu.org> writes:
> Hi,
>
> This patch fixes a type confusion bug in varasm.cc:assemble_variable.
> The problem is that the current code calls:
>
> sect = get_variable_section (decl, false);
>
> and then accesses sect->named.name without checking whether the section
> is in fact a named section. In the surrounding else clause, we only know
> that SECTION_STYLE (sect) != SECTION_NOSWITCH, so it is possible that
> the section is an unnamed section.
>
> In practice, this means that we end up doing a wild string compare
> between a function pointer and the string literal ".vtable_map_vars".
> This is because sect->named.name aliases sect->unnamed.callback in the
> section union.
>
> This can be seen in GDB with a simple testcase such as "int x;".
>
> This patch fixes the issue by checking the SECTION_STYLE of the section
> is in fact SECTION_NAMED before trying to do the string comparison.
>
> We drop the existing check of whether sect->named.name is non-NULL
> because this should presumably always be the case for a named section.
>
> Bootstrapped/regtested on aarch64-none-linux-gnu, OK for trunk?
OK, thanks. I think it's OK for backports too if you like,
since it's a regression from around 2013.
Richard
>
> Thanks,
> Alex
>
> gcc/ChangeLog:
>
> * varasm.cc (assemble_variable): Fix type confusion bug when
> checking for ".vtable_map_vars" section.
>
> diff --git a/gcc/varasm.cc b/gcc/varasm.cc
> index 9dfbebbb915..6851201b6a2 100644
> --- a/gcc/varasm.cc
> +++ b/gcc/varasm.cc
> @@ -2400,7 +2400,7 @@ assemble_variable (tree decl, int top_level
> ATTRIBUTE_UNUSED,
> else
> {
> /* Special-case handling of vtv comdat sections. */
> - if (sect->named.name
> + if (SECTION_STYLE (sect) == SECTION_NAMED
> && (strcmp (sect->named.name, ".vtable_map_vars") == 0))
> handle_vtv_comdat_section (sect, decl);
> else
