diff options
| author | Jakub Jelinek <jakub@redhat.com> | 2020-03-17 10:43:46 +0100 |
|---|---|---|
| committer | Jakub Jelinek <jakub@redhat.com> | 2020-03-17 10:43:46 +0100 |
| commit | 741ff2a263fe0ddc343288331c0047c1a32af8b2 (patch) | |
| tree | 5f23860deb1fa9ac97df7afceeefdfb065f5cfd7 /gcc/fortran/module.c | |
| parent | 7afa3b82918a75a486aad7818f11df9ea7504368 (diff) | |
| download | gcc-741ff2a263fe0ddc343288331c0047c1a32af8b2.zip gcc-741ff2a263fe0ddc343288331c0047c1a32af8b2.tar.gz gcc-741ff2a263fe0ddc343288331c0047c1a32af8b2.tar.bz2 | |
strlen: Punt on UB reads past end of string literal [PR94187]
The gcc.dg/pr68785.c test which contains:
int
foo (void)
{
return *(int *) "";
}
has UB in the program if it is ever called, but causes UB in the compiler
as well as at least in theory non-reproduceable code generation.
The problem is that nbytes is in this case 4, prep is the
TREE_STRING_POINTER of a "" string literal with TREE_STRING_LENGTH of 1 and
we do:
4890 for (const char *p = prep; p != prep + nbytes; ++p)
4891 if (*p)
4892 {
4893 *allnul = false;
4894 break;
4895 }
and so read the bytes after the STRING_CST payload, which can be random.
I think we should just punt in this case.
2020-03-17 Jakub Jelinek <jakub@redhat.com>
PR tree-optimization/94187
* tree-ssa-strlen.c (count_nonzero_bytes): Punt if
nchars - offset < nbytes.
Diffstat (limited to 'gcc/fortran/module.c')
0 files changed, 0 insertions, 0 deletions