diff options
| author | Jerry DeLisle <jvdelisle@gcc.gnu.org> | 2017-12-16 19:50:42 +0000 |
|---|---|---|
| committer | Jerry DeLisle <jvdelisle@gcc.gnu.org> | 2017-12-16 19:50:42 +0000 |
| commit | 1eaa31d84014c78a16409ef3c08e164dee78b56f (patch) | |
| tree | b052be0f836386dc80e2d8230dcd4d31426e03de | |
| parent | c16c06daa1e537fb2f0cbeb038a40e0867c66b3a (diff) | |
| download | gcc-1eaa31d84014c78a16409ef3c08e164dee78b56f.zip gcc-1eaa31d84014c78a16409ef3c08e164dee78b56f.tar.gz gcc-1eaa31d84014c78a16409ef3c08e164dee78b56f.tar.bz2 | |
re PR libfortran/81937 (stack-buffer-overflow on memcpy in libgfortran/io/unix.c on character(kind=4))
2017-12-16 Jerry DeLisle <jvdelisle@gcc.gnu.org>
PR libgfortran/81937
* io/list_read.c (next_char_internal): Don't attempt to read
from the internal unit stream if no bytes are left. Decrement
bytes_left in the right place.
From-SVN: r255750
| -rw-r--r-- | libgfortran/ChangeLog | 7 | ||||
| -rw-r--r-- | libgfortran/io/list_read.c | 22 |
2 files changed, 20 insertions, 9 deletions
diff --git a/libgfortran/ChangeLog b/libgfortran/ChangeLog index ee2f7a6..aa2a0f7 100644 --- a/libgfortran/ChangeLog +++ b/libgfortran/ChangeLog @@ -1,3 +1,10 @@ +2017-12-16 Jerry DeLisle <jvdelisle@gcc.gnu.org> + + PR libgfortran/81937 + * io/list_read.c (next_char_internal): Don't attempt to read + from the internal unit stream if no bytes are left. Decrement + bytes_left in the right place. + 2017-12-12 Jerry DeLisle <jvdelisle@gcc.gnu.org> PR libgfortran/78549 diff --git a/libgfortran/io/list_read.c b/libgfortran/io/list_read.c index 379050c..037f2da 100644 --- a/libgfortran/io/list_read.c +++ b/libgfortran/io/list_read.c @@ -266,15 +266,19 @@ next_char_internal (st_parameter_dt *dtp) } /* Get the next character and handle end-of-record conditions. */ - - if (is_char4_unit(dtp)) /* Check for kind=4 internal unit. */ - length = sread (dtp->u.p.current_unit->s, &c, 1); + if (likely (dtp->u.p.current_unit->bytes_left > 0)) + { + if (unlikely (is_char4_unit(dtp))) /* Check for kind=4 internal unit. */ + length = sread (dtp->u.p.current_unit->s, &c, 1); + else + { + char cc; + length = sread (dtp->u.p.current_unit->s, &cc, 1); + c = cc; + } + } else - { - char cc; - length = sread (dtp->u.p.current_unit->s, &cc, 1); - c = cc; - } + length = 0; if (unlikely (length < 0)) { @@ -290,7 +294,6 @@ next_char_internal (st_parameter_dt *dtp) generate_error (&dtp->common, LIBERROR_INTERNAL_UNIT, NULL); return '\0'; } - dtp->u.p.current_unit->bytes_left--; } else { @@ -302,6 +305,7 @@ next_char_internal (st_parameter_dt *dtp) dtp->u.p.at_eof = 1; } } + dtp->u.p.current_unit->bytes_left--; done: dtp->u.p.at_eol = (c == '\n' || c == EOF); |