Message ID | Y4jJSkO6Ccew5OjL@arm.com |
---|---|
State | Committed |
Commit | de144fdab17dbbb64ccb540056ab78b4ffb3fbbc |
Series | varasm: Fix type confusion bug |
Commit Message
Alex Coplan
Dec. 1, 2022, 3:33 p.m. UTC
Hi,

This patch fixes a type confusion bug in varasm.cc:assemble_variable.
The problem is that the current code calls:

  sect = get_variable_section (decl, false);

and then accesses sect->named.name without checking whether the section
is in fact a named section. In the surrounding else clause, we only know
that SECTION_STYLE (sect) != SECTION_NOSWITCH, so it is possible that
the section is an unnamed section.

In practice, this means that we end up doing a wild string compare
between a function pointer and the string literal ".vtable_map_vars".
This is because sect->named.name aliases sect->unnamed.callback in the
section union.

This can be seen in GDB with a simple testcase such as "int x;".

This patch fixes the issue by checking the SECTION_STYLE of the section
is in fact SECTION_NAMED before trying to do the string comparison.

We drop the existing check of whether sect->named.name is non-NULL
because this should presumably always be the case for a named section.

Bootstrapped/regtested on aarch64-none-linux-gnu, OK for trunk?

Thanks,
Alex

gcc/ChangeLog:

	* varasm.cc (assemble_variable): Fix type confusion bug when
	checking for ".vtable_map_vars" section.
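The aliasing described in this message, as an added example that is not part of the original post and is not GCC's code: a simplified tagged union (every type and function name below is hypothetical) in which a non-NULL test on the string member passes for an unnamed section, while a check of the discriminator does not.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a tagged union; these are NOT GCC's definitions.  */
enum style { STYLE_UNNAMED, STYLE_NAMED };
struct common_part  { enum style style; };
struct named_part   { struct common_part common; const char *name; };
struct unnamed_part { struct common_part common; void (*callback) (const void *); };
union model_section { struct common_part common; struct named_part named;
                      struct unnamed_part unnamed; };

static void emit_data (const void *unused) { (void) unused; }

/* Guard in the pre-patch shape: a non-NULL test on named.name.  For an
   unnamed section this reads the callback's bits, which are non-NULL, so
   the guard passes and a caller would go on to strcmp() a code address.  */
static int old_guard_passes (const union model_section *s)
{
  return s->named.name != NULL;
}

/* Check in the post-patch shape: test the discriminator first, so
   named.name is only read when it really holds a string.  */
static int is_vtable_map_section (const union model_section *s)
{
  return s->common.style == STYLE_NAMED
         && strcmp (s->named.name, ".vtable_map_vars") == 0;
}

static union model_section make_named (const char *name)
{
  union model_section s = { .named = { { STYLE_NAMED }, name } };
  return s;
}

static union model_section make_unnamed (void (*cb) (const void *))
{
  union model_section s = { .unnamed = { { STYLE_UNNAMED }, cb } };
  return s;
}

int main (void)
{
  union model_section bss = make_unnamed (emit_data);  /* constructed input */
  union model_section vtv = make_named (".vtable_map_vars");
  printf ("old guard on unnamed: %d; new check: unnamed=%d named=%d\n",
          old_guard_passes (&bss), is_vtable_map_section (&bss),
          is_vtable_map_section (&vtv));
}
```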
Comments
Alex Coplan via Gcc-patches <gcc-patches@gcc.gnu.org> writes:
> Hi,
>
> This patch fixes a type confusion bug in varasm.cc:assemble_variable.
> The problem is that the current code calls:
>
> sect = get_variable_section (decl, false);
>
> and then accesses sect->named.name without checking whether the section
> is in fact a named section. In the surrounding else clause, we only know
> that SECTION_STYLE (sect) != SECTION_NOSWITCH, so it is possible that
> the section is an unnamed section.
>
> In practice, this means that we end up doing a wild string compare
> between a function pointer and the string literal ".vtable_map_vars".
> This is because sect->named.name aliases sect->unnamed.callback in the
> section union.
>
> This can be seen in GDB with a simple testcase such as "int x;".
>
> This patch fixes the issue by checking the SECTION_STYLE of the section
> is in fact SECTION_NAMED before trying to do the string comparison.
>
> We drop the existing check of whether sect->named.name is non-NULL
> because this should presumably always be the case for a named section.
>
> Bootstrapped/regtested on aarch64-none-linux-gnu, OK for trunk?

OK, thanks. I think it's OK for backports too if you like,
since it's a regression from around 2013.

Richard

>
> Thanks,
> Alex
>
> gcc/ChangeLog:
>
> * varasm.cc (assemble_variable): Fix type confusion bug when
> checking for ".vtable_map_vars" section.
>
> diff --git a/gcc/varasm.cc b/gcc/varasm.cc > index 9dfbebbb915..6851201b6a2 100644 > --- a/gcc/varasm.cc > +++ b/gcc/varasm.cc > @@ -2400,7 +2400,7 @@ assemble_variable (tree decl, int top_level ATTRIBUTE_UNUSED, > else > { > /* Special-case handling of vtv comdat sections. */ > - if (sect->named.name > + if (SECTION_STYLE (sect) == SECTION_NAMED > && (strcmp (sect->named.name, ".vtable_map_vars") == 0)) > handle_vtv_comdat_section (sect, decl); > else
On 01/12/2022 16:12, Richard Sandiford wrote:
> Alex Coplan via Gcc-patches <gcc-patches@gcc.gnu.org> writes:
> > Hi,
> >
> > This patch fixes a type confusion bug in varasm.cc:assemble_variable.
> > The problem is that the current code calls:
> >
> > sect = get_variable_section (decl, false);
> >
> > and then accesses sect->named.name without checking whether the section
> > is in fact a named section. In the surrounding else clause, we only know
> > that SECTION_STYLE (sect) != SECTION_NOSWITCH, so it is possible that
> > the section is an unnamed section.
> >
> > In practice, this means that we end up doing a wild string compare
> > between a function pointer and the string literal ".vtable_map_vars".
> > This is because sect->named.name aliases sect->unnamed.callback in the
> > section union.
> >
> > This can be seen in GDB with a simple testcase such as "int x;".
> >
> > This patch fixes the issue by checking the SECTION_STYLE of the section
> > is in fact SECTION_NAMED before trying to do the string comparison.
> >
> > We drop the existing check of whether sect->named.name is non-NULL
> > because this should presumably always be the case for a named section.
> >
> > Bootstrapped/regtested on aarch64-none-linux-gnu, OK for trunk?
>
> OK, thanks. I think it's OK for backports too if you like,
> since it's a regression from around 2013.

Thanks, I've pushed the patch to trunk, and will backport if there are
no complaints after a week or so.

Alex

>
> Richard
>
> >
> > Thanks,
> > Alex
> >
> > gcc/ChangeLog:
> >
> > * varasm.cc (assemble_variable): Fix type confusion bug when
> > checking for ".vtable_map_vars" section.
> >
> > diff --git a/gcc/varasm.cc b/gcc/varasm.cc > > index 9dfbebbb915..6851201b6a2 100644 > > --- a/gcc/varasm.cc > > +++ b/gcc/varasm.cc 
> > @@ -2400,7 +2400,7 @@ assemble_variable (tree decl, int top_level ATTRIBUTE_UNUSED, > > else > > { > > /* Special-case handling of vtv comdat sections. */ > > - if (sect->named.name > > + if (SECTION_STYLE (sect) == SECTION_NAMED > > && (strcmp (sect->named.name, ".vtable_map_vars") == 0)) > > handle_vtv_comdat_section (sect, decl); > > else
diff --git a/gcc/varasm.cc b/gcc/varasm.cc index 9dfbebbb915..6851201b6a2 100644 --- a/gcc/varasm.cc +++ b/gcc/varasm.cc @@ -2400,7 +2400,7 @@ assemble_variable (tree decl, int top_level ATTRIBUTE_UNUSED, else { /* Special-case handling of vtv comdat sections. */ - if (sect->named.name + if (SECTION_STYLE (sect) == SECTION_NAMED && (strcmp (sect->named.name, ".vtable_map_vars") == 0)) handle_vtv_comdat_section (sect, decl); else
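Review bot: The added condition `SECTION_STYLE (sect) == SECTION_NAMED` replaces the non-NULL test on `sect->named.name`, so the `strcmp` on the next line now depends on every named section having a non-NULL name, which the commit message only says should "presumably" hold. Either keep the pointer test as a second condition after the style check, or state the invariant with an assertion at this point. It would also help to extend the "Special-case handling of vtv comdat sections" comment to say why the style check has to come first: `named.name` shares storage with `unnamed.callback`, so the name may only be read once the section is known to be named.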