d: fix ASAN in option processing

Message ID af5c4345-fb6e-55d5-659d-821156af6562@suse.cz
State New
Series d: fix ASAN in option processing

Commit Message

Martin Liška Nov. 25, 2021, 1:59 p.m. UTC
  Fixes:

==129444==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000666ca5c at pc 0x000000ef094b bp 0x7fffffff8180 sp 0x7fffffff8178
READ of size 4 at 0x00000666ca5c thread T0
     #0 0xef094a in parse_optimize_options ../../gcc/d/d-attribs.cc:855
     #1 0xef0d36 in d_handle_optimize_attribute ../../gcc/d/d-attribs.cc:916
     #2 0xef107e in d_handle_optimize_attribute ../../gcc/d/d-attribs.cc:887
     #3 0xff85b1 in decl_attributes(tree_node**, tree_node*, int, tree_node*) ../../gcc/attribs.c:829
     #4 0xef2a91 in apply_user_attributes(Dsymbol*, tree_node*) ../../gcc/d/d-attribs.cc:427
     #5 0xf7b7f3 in get_symbol_decl(Declaration*) ../../gcc/d/decl.cc:1346
     #6 0xf87bc7 in get_symbol_decl(Declaration*) ../../gcc/d/decl.cc:967
     #7 0xf87bc7 in DeclVisitor::visit(FuncDeclaration*) ../../gcc/d/decl.cc:808
     #8 0xf83db5 in DeclVisitor::build_dsymbol(Dsymbol*) ../../gcc/d/decl.cc:146

for the following test-case: gcc/testsuite/gdc.dg/attr_optimize1.d.

Ready for master?
Thanks,
Martin

gcc/d/ChangeLog:

	* d-attribs.cc (parse_optimize_options): Check index before
	accessing cl_options.
---
  gcc/d/d-attribs.cc | 4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)
  

Comments

Iain Buclaw Nov. 26, 2021, 12:34 p.m. UTC | #1
Excerpts from Martin Liška's message of November 25, 2021 2:59 pm:
> Fixes:
> 
> ==129444==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000666ca5c at pc 0x000000ef094b bp 0x7fffffff8180 sp 0x7fffffff8178
> READ of size 4 at 0x00000666ca5c thread T0
>      #0 0xef094a in parse_optimize_options ../../gcc/d/d-attribs.cc:855
>      #1 0xef0d36 in d_handle_optimize_attribute ../../gcc/d/d-attribs.cc:916
>      #2 0xef107e in d_handle_optimize_attribute ../../gcc/d/d-attribs.cc:887
>      #3 0xff85b1 in decl_attributes(tree_node**, tree_node*, int, tree_node*) ../../gcc/attribs.c:829
>      #4 0xef2a91 in apply_user_attributes(Dsymbol*, tree_node*) ../../gcc/d/d-attribs.cc:427
>      #5 0xf7b7f3 in get_symbol_decl(Declaration*) ../../gcc/d/decl.cc:1346
>      #6 0xf87bc7 in get_symbol_decl(Declaration*) ../../gcc/d/decl.cc:967
>      #7 0xf87bc7 in DeclVisitor::visit(FuncDeclaration*) ../../gcc/d/decl.cc:808
>      #8 0xf83db5 in DeclVisitor::build_dsymbol(Dsymbol*) ../../gcc/d/decl.cc:146
> 
> for the following test-case: gcc/testsuite/gdc.dg/attr_optimize1.d.
> 
> Ready for master?

Thanks, looks OK to me, does it need backporting as well?

Iain.



> Thanks,
> Martin
> 
> gcc/d/ChangeLog:
> 
> 	* d-attribs.cc (parse_optimize_options): Check index before
> 	accessing cl_options.
> ---
>   gcc/d/d-attribs.cc | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/gcc/d/d-attribs.cc b/gcc/d/d-attribs.cc
> index d81b7d122f7..1ec800526f7 100644
> --- a/gcc/d/d-attribs.cc
> +++ b/gcc/d/d-attribs.cc
> @@ -852,7 +852,9 @@ parse_optimize_options (tree args)
>     unsigned j = 1;
>     for (unsigned i = 1; i < decoded_options_count; ++i)
>       {
> -      if (! (cl_options[decoded_options[i].opt_index].flags & CL_OPTIMIZATION))
> +      unsigned opt_index = decoded_options[i].opt_index;
> +      if (opt_index >= cl_options_count
> +	  && ! (cl_options[opt_index].flags & CL_OPTIMIZATION))
>   	{
>   	  ret = false;
>   	  warning (OPT_Wattributes,
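
Review bot: the added test "opt_index >= cl_options_count" carries no comment saying which decoded options can have an index outside cl_options, or whether such entries are meant to take the "ret = false" / OPT_Wattributes warning path. A one-line comment above "unsigned opt_index = ..." stating the intended handling would let a reader check the condition against its purpose.
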
> -- 
> 2.34.0
> 
>
  
Martin Liška Nov. 26, 2021, 1:52 p.m. UTC | #2
On 11/26/21 13:34, Iain Buclaw wrote:
> Thanks, looks OK to me, does it need backporting as well?

Yes, I guess so. I'm going to do it.

Martin
  
Martin Liška Nov. 28, 2021, 8:41 a.m. UTC | #3
On 11/25/21 14:59, Martin Liška wrote:
> Fixes:
> 
> ==129444==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000666ca5c at pc 0x000000ef094b bp 0x7fffffff8180 sp 0x7fffffff8178
> READ of size 4 at 0x00000666ca5c thread T0
>      #0 0xef094a in parse_optimize_options ../../gcc/d/d-attribs.cc:855
>      #1 0xef0d36 in d_handle_optimize_attribute ../../gcc/d/d-attribs.cc:916
>      #2 0xef107e in d_handle_optimize_attribute ../../gcc/d/d-attribs.cc:887
>      #3 0xff85b1 in decl_attributes(tree_node**, tree_node*, int, tree_node*) ../../gcc/attribs.c:829
>      #4 0xef2a91 in apply_user_attributes(Dsymbol*, tree_node*) ../../gcc/d/d-attribs.cc:427
>      #5 0xf7b7f3 in get_symbol_decl(Declaration*) ../../gcc/d/decl.cc:1346
>      #6 0xf87bc7 in get_symbol_decl(Declaration*) ../../gcc/d/decl.cc:967
>      #7 0xf87bc7 in DeclVisitor::visit(FuncDeclaration*) ../../gcc/d/decl.cc:808
>      #8 0xf83db5 in DeclVisitor::build_dsymbol(Dsymbol*) ../../gcc/d/decl.cc:146
> 
> for the following test-case: gcc/testsuite/gdc.dg/attr_optimize1.d.
> 
> Ready for master?
> Thanks,
> Martin
> 
> gcc/d/ChangeLog:
> 
>      * d-attribs.cc (parse_optimize_options): Check index before
>      accessing cl_options.
> ---
>   gcc/d/d-attribs.cc | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/gcc/d/d-attribs.cc b/gcc/d/d-attribs.cc
> index d81b7d122f7..1ec800526f7 100644
> --- a/gcc/d/d-attribs.cc
> +++ b/gcc/d/d-attribs.cc
> @@ -852,7 +852,9 @@ parse_optimize_options (tree args)
>     unsigned j = 1;
>     for (unsigned i = 1; i < decoded_options_count; ++i)
>       {
> -      if (! (cl_options[decoded_options[i].opt_index].flags & CL_OPTIMIZATION))
> +      unsigned opt_index = decoded_options[i].opt_index;
> +      if (opt_index >= cl_options_count
> +      && ! (cl_options[opt_index].flags & CL_OPTIMIZATION))
>       {
>         ret = false;
>         warning (OPT_Wattributes,
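
Review bot: with "&&" in the new condition, any opt_index below cl_options_count makes the left operand false, so the "ret = false" / "warning (OPT_Wattributes, ..." branch is never entered for an in-range option, even one whose flags lack CL_OPTIMIZATION. The removed line sent those options into that branch; joining the two tests with "||" keeps that behaviour.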

Sorry, I made a stupid thinko in the patch.

There's a fix that I'm going to install.

Martin
  

Patch

diff --git a/gcc/d/d-attribs.cc b/gcc/d/d-attribs.cc
index d81b7d122f7..1ec800526f7 100644
--- a/gcc/d/d-attribs.cc
+++ b/gcc/d/d-attribs.cc
@@ -852,7 +852,9 @@  parse_optimize_options (tree args)
    unsigned j = 1;
    for (unsigned i = 1; i < decoded_options_count; ++i)
      {
-      if (! (cl_options[decoded_options[i].opt_index].flags & CL_OPTIMIZATION))
+      unsigned opt_index = decoded_options[i].opt_index;
+      if (opt_index >= cl_options_count
+	  && ! (cl_options[opt_index].flags & CL_OPTIMIZATION))
  	{
  	  ret = false;
  	  warning (OPT_Wattributes,
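
Review bot: the added "if" still reads cl_options[opt_index] out of bounds, because "&&" evaluates its right operand only when "opt_index >= cl_options_count" is true, which is exactly the case the bounds test is meant to guard. Write the condition as "opt_index >= cl_options_count || ! (cl_options[opt_index].flags & CL_OPTIMIZATION)" so an out-of-range index short-circuits before the array access.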