From 8154466362e85c8c65437719137839522dd81a97 Mon Sep 17 00:00:00 2001
From: Harald Anlauf <anlauf@gmx.de>
Date: Fri, 5 Jun 2020 20:30:34 +0200
Subject: PR fortran/95530, PR fortran/95537 - Buffer overflows with long
 symbols

The testcases for PR95090 and PR95106 trigger buffer overflows with long
symbols that were found with an instrumented compiler.  Enlarge the
affected buffers, and add checks that the buffers will suffice.

2020-06-05  Harald Anlauf  <anlauf@gmx.de>

gcc/fortran/
	PR fortran/95530
	PR fortran/95537
	* decl.c (gfc_match_decl_type_spec): Enlarge buffer, and enhance
	string copy to detect buffer overflow.
	* gfortran.h (gfc_common_head): Enlarge buffer.
	* trans-common.c (finish_equivalences): Enhance string copy to
	detect buffer overflow.
---
 gcc/fortran/trans-common.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'gcc/fortran/trans-common.c')

diff --git a/gcc/fortran/trans-common.c b/gcc/fortran/trans-common.c
index 3775a8b..1acc336 100644
--- a/gcc/fortran/trans-common.c
+++ b/gcc/fortran/trans-common.c
@@ -1314,7 +1314,11 @@ finish_equivalences (gfc_namespace *ns)
 	      c->where = ns->proc_name->declared_at;
 	    else if (ns->is_block_data)
 	      c->where = ns->sym_root->n.sym->declared_at;
-	    strcpy (c->name, z->module);
+
+	    size_t len = strlen (z->module);
+	    gcc_assert (len < sizeof (c->name));
+	    memcpy (c->name, z->module, len);
+	    c->name[len] = '\0';
 	  }
 	else
 	  c = NULL;
-- 
cgit v1.1