PR fortran/95530, PR fortran/95537 - Buffer overflows with long symbols

The testcases for PR95090 and PR95106 trigger buffer overflows with long
symbols that were found with an instrumented compiler.  Enlarge the
affected buffers, and add checks that the buffers will suffice.

2020-06-05  Harald Anlauf  <anlauf@gmx.de>

gcc/fortran/
	PR fortran/95530
	PR fortran/95537
	* decl.c (gfc_match_decl_type_spec): Enlarge buffer, and enhance
	string copy to detect buffer overflow.
	* gfortran.h (gfc_common_head): Enlarge buffer.
	* trans-common.c (finish_equivalences): Enhance string copy to
	detect buffer overflow.

1 files changed, 7 insertions, 2 deletions

diff --git a/gcc/fortran/decl.c b/gcc/fortran/decl.c
index 3ad5559..1c1626d 100644
--- a/gcc/fortran/decl.c
+++ b/gcc/fortran/decl.c
@@ -4094,7 +4094,8 @@ match_byte_typespec (gfc_typespec *ts)
 match
 gfc_match_decl_type_spec (gfc_typespec *ts, int implicit_flag)
 {
-  char name[GFC_MAX_SYMBOL_LEN + 1];
+  /* Provide sufficient space to hold "pdtsymbol".  */
+  char name[GFC_MAX_SYMBOL_LEN + 1 + 3];
   gfc_symbol *sym, *dt_sym;
   match m;
   char c;
@@ -4284,7 +4285,11 @@ gfc_match_decl_type_spec (gfc_typespec *ts, int implicit_flag)
 	    return m;
 	  gcc_assert (!sym->attr.pdt_template && sym->attr.pdt_type);
 	  ts->u.derived = sym;
-	  strcpy (name, gfc_dt_lower_string (sym->name));
+	  const char* lower = gfc_dt_lower_string (sym->name);
+	  size_t len = strnlen (lower, sizeof (name));
+	  gcc_assert (len < sizeof (name));
+	  memcpy (name, lower, len);
+	  name[len] = '\0';
 	}
 
       if (sym && sym->attr.flavor == FL_STRUCT)