diff options
| author | David Malcolm <dmalcolm@redhat.com> | 2019-01-23 16:36:46 +0000 |
|---|---|---|
| committer | David Malcolm <dmalcolm@gcc.gnu.org> | 2019-01-23 16:36:46 +0000 |
| commit | 6770fa53f9debd0cced4b1016c8e388512859ee3 (patch) | |
| tree | 65813a8c2a946abae3bf6303f6306ddcd06d096f /gcc | |
| parent | 372e6e6bac4046d87e92894535b80f28409e9d3f (diff) | |
| download | gcc-6770fa53f9debd0cced4b1016c8e388512859ee3.zip gcc-6770fa53f9debd0cced4b1016c8e388512859ee3.tar.gz gcc-6770fa53f9debd0cced4b1016c8e388512859ee3.tar.bz2 | |
aarch64: fix use-after-free in -march=native (PR driver/89014)
Running:
$ valgrind ./xgcc -B. -c test.c -march=native
on aarch64 shows a use-after-free in host_detect_local_cpu due
to the std::string result of aarch64_get_extension_string_for_isa_flags
only living until immediately after a c_str call.
This leads to corrupt "-march=" values being passed to cc1.
This patch fixes the use-after-free, though it appears to also need
Tamar's patch here:
https://gcc.gnu.org/ml/gcc-patches/2018-12/msg01302.html
in order to generate valid values for cc1. This may have worked by
accident in the past, if the corrupt "-march=" value happened to be
0-terminated in the "right" place; with this patch it now appears
to reliably break without Tamar's patch.
gcc/ChangeLog:
PR driver/89014
* config/aarch64/driver-aarch64.c (host_detect_local_cpu): Fix
use-after-free of the result of
aarch64_get_extension_string_for_isa_flags.
From-SVN: r268189
Diffstat (limited to 'gcc')
| -rw-r--r-- | gcc/ChangeLog | 7 | ||||
| -rw-r--r-- | gcc/config/aarch64/driver-aarch64.c | 12 |
2 files changed, 13 insertions, 6 deletions
diff --git a/gcc/ChangeLog b/gcc/ChangeLog index 401b81d..312a04f 100644 --- a/gcc/ChangeLog +++ b/gcc/ChangeLog @@ -1,3 +1,10 @@ +2019-01-23 David Malcolm <dmalcolm@redhat.com> + + PR driver/89014 + * config/aarch64/driver-aarch64.c (host_detect_local_cpu): Fix + use-after-free of the result of + aarch64_get_extension_string_for_isa_flags. + 2019-01-23 Jakub Jelinek <jakub@redhat.com> PR c/44715 diff --git a/gcc/config/aarch64/driver-aarch64.c b/gcc/config/aarch64/driver-aarch64.c index 2bf1f9a..100e0c3 100644 --- a/gcc/config/aarch64/driver-aarch64.c +++ b/gcc/config/aarch64/driver-aarch64.c @@ -178,7 +178,6 @@ host_detect_local_cpu (int argc, const char **argv) unsigned int variants[2] = { ALL_VARIANTS, ALL_VARIANTS }; unsigned int n_variants = 0; bool processed_exts = false; - const char *ext_string = ""; unsigned long extension_flags = 0; unsigned long default_flags = 0; @@ -348,11 +347,12 @@ host_detect_local_cpu (int argc, const char **argv) if (tune) return res; - ext_string - = aarch64_get_extension_string_for_isa_flags (extension_flags, - default_flags).c_str (); - - res = concat (res, ext_string, NULL); + { + std::string extension + = aarch64_get_extension_string_for_isa_flags (extension_flags, + default_flags); + res = concat (res, extension.c_str (), NULL); + } return res; |