| Message ID | af5c4345-fb6e-55d5-659d-821156af6562@suse.cz |
|---|---|
| State | New |
| Headers |
Return-Path: <gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org> X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id E60BA3858004 for <patchwork@sourceware.org>; Thu, 25 Nov 2021 14:00:50 +0000 (GMT) X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by sourceware.org (Postfix) with ESMTPS id C75B23858424 for <gcc-patches@gcc.gnu.org>; Thu, 25 Nov 2021 13:59:41 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org C75B23858424 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=suse.cz Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id B3B5C21B36; Thu, 25 Nov 2021 13:59:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1637848780; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=qOISgLxaaE+Yz7+U7whCFlcs+JUGw21kqnOtbt1MmwU=; b=gkKyn+rs9ojA8C8vHTvOXgewvrPnKHW9IWBV7QHDLOpC7LxwELhlrRWradzJech+0sa0Kl RWGalU2F+1ep+XD8zpv2V1QFOo7+cn3xXRAUQ5uQR3FjNFyoL8tY2O1I9h7fTbX7XOCphQ MzWI7o4Vba6s2pd+SE6no+8JfyIJH1M= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1637848780; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=qOISgLxaaE+Yz7+U7whCFlcs+JUGw21kqnOtbt1MmwU=; b=JvefEvIrqMohgAJRe7n1ALXI8ymiHLaJRsGBgz2Kjknn0OiAuILbN1XXW8vIQIJYBXxOmg On3OEk4P5qCMa0Dg== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id A0D0C13B70; Thu, 25 Nov 2021 13:59:40 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id PPsQJsyWn2HxfAAAMHmgww (envelope-from <mliska@suse.cz>); Thu, 25 Nov 2021 13:59:40 +0000 Message-ID: <af5c4345-fb6e-55d5-659d-821156af6562@suse.cz> Date: Thu, 25 Nov 2021 14:59:40 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.3.2 From: =?utf-8?q?Martin_Li=C5=A1ka?= <mliska@suse.cz> Subject: [PATCH] d: fix ASAN in option processing To: gcc-patches@gcc.gnu.org Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-11.6 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, SPF_HELO_NONE, SPF_PASS, TXREP, WEIRD_PORT autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org> List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>, <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe> List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/> List-Post: <mailto:gcc-patches@gcc.gnu.org> List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help> List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>, <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe> Errors-To: gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org Sender: "Gcc-patches" <gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org> |
| Series |
d: fix ASAN in option processing
|
|
Commit Message
Martin Liška
Nov. 25, 2021, 1:59 p.m. UTC
Fixes:
==129444==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000666ca5c at pc 0x000000ef094b bp 0x7fffffff8180 sp 0x7fffffff8178
READ of size 4 at 0x00000666ca5c thread T0
#0 0xef094a in parse_optimize_options ../../gcc/d/d-attribs.cc:855
#1 0xef0d36 in d_handle_optimize_attribute ../../gcc/d/d-attribs.cc:916
#2 0xef107e in d_handle_optimize_attribute ../../gcc/d/d-attribs.cc:887
#3 0xff85b1 in decl_attributes(tree_node**, tree_node*, int, tree_node*) ../../gcc/attribs.c:829
#4 0xef2a91 in apply_user_attributes(Dsymbol*, tree_node*) ../../gcc/d/d-attribs.cc:427
#5 0xf7b7f3 in get_symbol_decl(Declaration*) ../../gcc/d/decl.cc:1346
#6 0xf87bc7 in get_symbol_decl(Declaration*) ../../gcc/d/decl.cc:967
#7 0xf87bc7 in DeclVisitor::visit(FuncDeclaration*) ../../gcc/d/decl.cc:808
#8 0xf83db5 in DeclVisitor::build_dsymbol(Dsymbol*) ../../gcc/d/decl.cc:146
for the following test-case: gcc/testsuite/gdc.dg/attr_optimize1.d.
Ready for master?
Thanks,
Martin
gcc/d/ChangeLog:
* d-attribs.cc (parse_optimize_options): Check index before
accessing cl_options.
---
gcc/d/d-attribs.cc | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
Comments
Excerpts from Martin Liška's message of November 25, 2021 2:59 pm: > Fixes: > > ==129444==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000666ca5c at pc 0x000000ef094b bp 0x7fffffff8180 sp 0x7fffffff8178 > READ of size 4 at 0x00000666ca5c thread T0 > #0 0xef094a in parse_optimize_options ../../gcc/d/d-attribs.cc:855 > #1 0xef0d36 in d_handle_optimize_attribute ../../gcc/d/d-attribs.cc:916 > #2 0xef107e in d_handle_optimize_attribute ../../gcc/d/d-attribs.cc:887 > #3 0xff85b1 in decl_attributes(tree_node**, tree_node*, int, tree_node*) ../../gcc/attribs.c:829 > #4 0xef2a91 in apply_user_attributes(Dsymbol*, tree_node*) ../../gcc/d/d-attribs.cc:427 > #5 0xf7b7f3 in get_symbol_decl(Declaration*) ../../gcc/d/decl.cc:1346 > #6 0xf87bc7 in get_symbol_decl(Declaration*) ../../gcc/d/decl.cc:967 > #7 0xf87bc7 in DeclVisitor::visit(FuncDeclaration*) ../../gcc/d/decl.cc:808 > #8 0xf83db5 in DeclVisitor::build_dsymbol(Dsymbol*) ../../gcc/d/decl.cc:146 > > for the following test-case: gcc/testsuite/gdc.dg/attr_optimize1.d. > > Ready for master? Thanks, looks OK to me, does it need backporting as well? Iain. > Thanks, > Martin > > gcc/d/ChangeLog: > > * d-attribs.cc (parse_optimize_options): Check index before > accessing cl_options. > --- > gcc/d/d-attribs.cc | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/gcc/d/d-attribs.cc b/gcc/d/d-attribs.cc > index d81b7d122f7..1ec800526f7 100644 > --- a/gcc/d/d-attribs.cc > +++ b/gcc/d/d-attribs.cc > @@ -852,7 +852,9 @@ parse_optimize_options (tree args) > unsigned j = 1; > for (unsigned i = 1; i < decoded_options_count; ++i) > { > - if (! (cl_options[decoded_options[i].opt_index].flags & CL_OPTIMIZATION)) > + unsigned opt_index = decoded_options[i].opt_index; > + if (opt_index >= cl_options_count > + && ! (cl_options[opt_index].flags & CL_OPTIMIZATION)) > { > ret = false; > warning (OPT_Wattributes, > -- > 2.34.0 > >
On 11/26/21 13:34, Iain Buclaw wrote:
> Thanks, looks OK to me, does it need backporting as well?
Yes, I guess so. I'm going to do it.
Martin
On 11/25/21 14:59, Martin Liška wrote: > Fixes: > > ==129444==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000666ca5c at pc 0x000000ef094b bp 0x7fffffff8180 sp 0x7fffffff8178 > READ of size 4 at 0x00000666ca5c thread T0 > #0 0xef094a in parse_optimize_options ../../gcc/d/d-attribs.cc:855 > #1 0xef0d36 in d_handle_optimize_attribute ../../gcc/d/d-attribs.cc:916 > #2 0xef107e in d_handle_optimize_attribute ../../gcc/d/d-attribs.cc:887 > #3 0xff85b1 in decl_attributes(tree_node**, tree_node*, int, tree_node*) ../../gcc/attribs.c:829 > #4 0xef2a91 in apply_user_attributes(Dsymbol*, tree_node*) ../../gcc/d/d-attribs.cc:427 > #5 0xf7b7f3 in get_symbol_decl(Declaration*) ../../gcc/d/decl.cc:1346 > #6 0xf87bc7 in get_symbol_decl(Declaration*) ../../gcc/d/decl.cc:967 > #7 0xf87bc7 in DeclVisitor::visit(FuncDeclaration*) ../../gcc/d/decl.cc:808 > #8 0xf83db5 in DeclVisitor::build_dsymbol(Dsymbol*) ../../gcc/d/decl.cc:146 > > for the following test-case: gcc/testsuite/gdc.dg/attr_optimize1.d. > > Ready for master? > Thanks, > Martin > > gcc/d/ChangeLog: > > * d-attribs.cc (parse_optimize_options): Check index before > accessing cl_options. > --- > gcc/d/d-attribs.cc | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/gcc/d/d-attribs.cc b/gcc/d/d-attribs.cc > index d81b7d122f7..1ec800526f7 100644 > --- a/gcc/d/d-attribs.cc > +++ b/gcc/d/d-attribs.cc > @@ -852,7 +852,9 @@ parse_optimize_options (tree args) > unsigned j = 1; > for (unsigned i = 1; i < decoded_options_count; ++i) > { > - if (! (cl_options[decoded_options[i].opt_index].flags & CL_OPTIMIZATION)) > + unsigned opt_index = decoded_options[i].opt_index; > + if (opt_index >= cl_options_count > + && ! (cl_options[opt_index].flags & CL_OPTIMIZATION)) > { > ret = false; > warning (OPT_Wattributes, Sorry, I made a stupid thinko in the patch. There's fix that I'm going to install. Martin
diff --git a/gcc/d/d-attribs.cc b/gcc/d/d-attribs.cc index d81b7d122f7..1ec800526f7 100644 --- a/gcc/d/d-attribs.cc +++ b/gcc/d/d-attribs.cc @@ -852,7 +852,9 @@ parse_optimize_options (tree args) unsigned j = 1; for (unsigned i = 1; i < decoded_options_count; ++i) { - if (! (cl_options[decoded_options[i].opt_index].flags & CL_OPTIMIZATION)) + unsigned opt_index = decoded_options[i].opt_index; + if (opt_index >= cl_options_count + && ! (cl_options[opt_index].flags & CL_OPTIMIZATION)) { ret = false; warning (OPT_Wattributes,