https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112983
            Bug ID: 112983
           Summary: gcc.cc: do_spec_1, ICE if missing '}' for %x{...}
           Product: gcc
           Version: 14.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: driver
          Assignee: unassigned at gcc dot gnu.org
          Reporter: p...@gcc-bugzilla.mail.kapsi.fi
  Target Milestone: ---

Hi.

# cat bracegracemisery.specs
*self_spec:
%x{

# gcc --specs=bracegracemisery.specs -E - < /dev/null > /dev/null
Segmentation fault (core dumped)

Happens because when looking for the terminating '}' character the loop
condition does not check if the input buffer runs out.

gcc.cc:
https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=gcc/gcc.cc;h=701f5cdfb59c8f60c9c9bee310ef9de03d1ece27;hb=refs/heads/master#l6683

6683:   while (*p++ != '}')
6684:     ;

Due to memory layout, reproducing this might be difficult (or impossible) or
yield other diagnosed errors (should the out-of-bounds read contain the
terminating character before an invalid memory location is accessed).
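
The scan described in the report, rewritten so that it also stops at the string's NUL terminator and reports the missing '}' to the caller. This is an added example, not GCC code and not the project's fix; scan_braced_arg and count_x_items are hypothetical names, and the spec strings are constructed inputs.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not GCC code: p points just past the '{' of a
   %x{...} item.  On success returns 0 and sets *arg_len and *next.
   Returns -1 if the NUL terminator is reached before a '}', so the
   caller can reject the spec instead of reading past the buffer.  */
static int scan_braced_arg(const char *p, size_t *arg_len, const char **next)
{
    const char *start = p;

    while (*p != '\0' && *p != '}')   /* end of input also ends the scan */
        p++;
    if (*p == '\0')
        return -1;                    /* missing '}' */
    *arg_len = (size_t)(p - start);
    *next = p + 1;                    /* first character after '}' */
    return 0;
}

/* Walk a spec string and count well-formed %x{...} items.
   Returns the count, or -1 at the first unterminated item.
   Simplified: it does not treat "%%" specially.  */
static int count_x_items(const char *spec)
{
    int count = 0;
    const char *p = spec;

    while ((p = strstr(p, "%x{")) != NULL) {
        size_t len;
        const char *next;

        if (scan_braced_arg(p + 3, &len, &next) != 0)
            return -1;
        printf("%%x argument: %.*s\n", (int)len, p + 3);
        count++;
        p = next;
    }
    return count;
}

int main(void)
{
    /* Constructed inputs; the second mirrors the spec in the report.  */
    printf("%d\n", count_x_items("%x{-foo} %x{-bar}"));
    printf("%d\n", count_x_items("%x{"));
    return 0;
}
```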