On Fri, Aug 12, 2016 at 02:22:56PM +0200, Martin Liška wrote: > Simple patch corrects assumption about string length, however the hunk in > save_string is kind of discussable as one can have a string with '\0' chars > which is length enough? > > Thoughts? > > Patch can bootstrap on ppc64le-redhat-linux and survives regression tests. > > Ready to be installed? > Martin
> >From c7a7e1be3c113ee0f610d627426b8f241357b86e Mon Sep 17 00:00:00 2001 > From: marxin <mli...@suse.cz> > Date: Tue, 9 Aug 2016 13:04:57 +0200 > Subject: [PATCH] Fix invalid memory access in gcc.c (driver/72765) > > gcc/ChangeLog: > > 2016-08-09 Martin Liska <mli...@suse.cz> > > PR driver/72765 > * gcc.c (do_spec_1): Call save_string with the right size. > (save_string): Do an assert about string we copy. > --- > gcc/gcc.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/gcc/gcc.c b/gcc/gcc.c > index 7460f6a..a5c4a19 100644 > --- a/gcc/gcc.c > +++ b/gcc/gcc.c > @@ -5420,8 +5420,9 @@ do_spec_1 (const char *spec, int inswitch, const char > *soft_matched_part) > if (files_differ) > #endif > { > - temp_filename = save_string (temp_filename, > - temp_filename_length + > 1); > + temp_filename > + = save_string (temp_filename, > + temp_filename_length - 1); > obstack_grow (&obstack, temp_filename, > temp_filename_length); > arg_going = 1; This is ok for trunk/6.2 (if you commit RSN). > @@ -8362,6 +8363,7 @@ save_string (const char *s, int len) > { > char *result = XNEWVEC (char, len + 1); > > + gcc_assert (strlen (s) >= (unsigned int)len); > memcpy (result, s, len); > result[len] = 0; > return result; I'd leave this one out (at least from 6.x); if anything, use just gcc_checking_assert (since otherwise it doesn't make much sense to pass len if you are going to recompute it anyway) and put a space between the cast and len. Jakub