From e613205cefe50e429bafba2bc4cb71126b1f36df Mon Sep 17 00:00:00 2001
From: David Malcolm <dmalcolm@redhat.com>
Date: Wed, 30 Nov 2016 14:50:43 +0000
Subject: [PATCH] libiberty: avoid reading past end of buffer in
strndup/xstrndup (PR c/78498)
gcc/ChangeLog:
PR c/78498
* selftest.c (selftest::assert_strndup_eq): New function.
(selftest::test_strndup): New function.
(selftest::test_libiberty): New function.
(selftest::selftest_c_tests): Call test_libiberty.
gcc/testsuite/ChangeLog:
PR c/78498
* gcc.dg/format/pr78494.c: New test case.
libiberty/ChangeLog:
PR c/78498
* strndup.c (strlen): Delete decl.
(strnlen): Add decl.
(strndup): Call strnlen rather than strlen.
* xstrndup.c (xstrndup): Likewise.
From-SVN: r243030
---
gcc/ChangeLog | 8 +++++
gcc/selftest.c | 48 +++++++++++++++++++++++++++
gcc/testsuite/ChangeLog | 5 +++
gcc/testsuite/gcc.dg/format/pr78494.c | 12 +++++++
libiberty/ChangeLog | 8 +++++
libiberty/strndup.c | 7 ++--
libiberty/xstrndup.c | 5 +--
7 files changed, 84 insertions(+), 9 deletions(-)
create mode 100644 gcc/testsuite/gcc.dg/format/pr78494.c
diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index 97daa79d06b8..378ffa484e17 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,11 @@
+2016-11-30 David Malcolm <dmalcolm@redhat.com>
+
+ PR c/78498
+ * selftest.c (selftest::assert_strndup_eq): New function.
+ (selftest::test_strndup): New function.
+ (selftest::test_libiberty): New function.
+ (selftest::selftest_c_tests): Call test_libiberty.
+
2016-11-30 Segher Boessenkool <segher@kernel.crashing.org>
PR rtl-optimization/78610
diff --git a/gcc/selftest.c b/gcc/selftest.c
index 2a729be9b5e5..6df73c24084a 100644
--- a/gcc/selftest.c
+++ b/gcc/selftest.c
@@ -198,6 +198,53 @@ read_file (const location &loc, const char *path)
return result;
}
+/* Selftests for libiberty. */
+
+/* Verify that both strndup and xstrndup generate EXPECTED
+ when called on SRC and N. */
+
+static void
+assert_strndup_eq (const char *expected, const char *src, size_t n)
+{
+ char *buf = strndup (src, n);
+ if (buf)
+ ASSERT_STREQ (expected, buf);
+ free (buf);
+
+ buf = xstrndup (src, n);
+ ASSERT_STREQ (expected, buf);
+ free (buf);
+}
+
+/* Verify that strndup and xstrndup work as expected. */
+
+static void
+test_strndup ()
+{
+ assert_strndup_eq ("", "test", 0);
+ assert_strndup_eq ("t", "test", 1);
+ assert_strndup_eq ("te", "test", 2);
+ assert_strndup_eq ("tes", "test", 3);
+ assert_strndup_eq ("test", "test", 4);
+ assert_strndup_eq ("test", "test", 5);
+
+ /* Test on an string without zero termination. */
+ const char src[4] = {'t', 'e', 's', 't'};
+ assert_strndup_eq ("", src, 0);
+ assert_strndup_eq ("t", src, 1);
+ assert_strndup_eq ("te", src, 2);
+ assert_strndup_eq ("tes", src, 3);
+ assert_strndup_eq ("test", src, 4);
+}
+
+/* Run selftests for libiberty. */
+
+static void
+test_libiberty ()
+{
+ test_strndup ();
+}
+
/* Selftests for the selftest system itself. */
/* Sanity-check the ASSERT_ macros with various passing cases. */
@@ -245,6 +292,7 @@ test_read_file ()
void
selftest_c_tests ()
{
+ test_libiberty ();
test_assertions ();
test_named_temp_file ();
test_read_file ();
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index d1b5c90a7cac..d6166b9edde4 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,8 @@
+2016-11-30 David Malcolm <dmalcolm@redhat.com>
+
+ PR c/78498
+ * gcc.dg/format/pr78494.c: New test case.
+
2016-11-30 David Edelsohn <dje.gcc@gmail.com>
* g++.dg/debug/dwarf2/ref-1.C: Don't XFAIL scan-assembler-not on AIX.
diff --git a/gcc/testsuite/gcc.dg/format/pr78494.c b/gcc/testsuite/gcc.dg/format/pr78494.c
new file mode 100644
index 000000000000..4b53a68c2c04
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/format/pr78494.c
@@ -0,0 +1,12 @@
+/* { dg-do compile } */
+/* { dg-options "-O2 -Wall -Wextra -fdiagnostics-show-caret" } */
+
+void f (void)
+{
+ __builtin_printf ("%i", ""); /* { dg-warning "expects argument of type" } */
+/* { dg-begin-multiline-output "" }
+ __builtin_printf ("%i", "");
+ ~^ ~~
+ %s
+ { dg-end-multiline-output "" } */
+}
diff --git a/libiberty/ChangeLog b/libiberty/ChangeLog
index 42164c406af9..f0959c99f5cd 100644
--- a/libiberty/ChangeLog
+++ b/libiberty/ChangeLog
@@ -1,3 +1,11 @@
+2016-11-30 David Malcolm <dmalcolm@redhat.com>
+
+ PR c/78498
+ * strndup.c (strlen): Delete decl.
+ (strnlen): Add decl.
+ (strndup): Call strnlen rather than strlen.
+ * xstrndup.c (xstrndup): Likewise.
+
2016-11-29 Nathan Sidwell <nathan@acm.org>
* cp-demangle.c (d_print_comp_inner): Fix parameter indentation.
diff --git a/libiberty/strndup.c b/libiberty/strndup.c
index 9e9b4e2991f8..4556b9627467 100644
--- a/libiberty/strndup.c
+++ b/libiberty/strndup.c
@@ -33,7 +33,7 @@ memory was available. The result is always NUL terminated.
#include "ansidecl.h"
#include <stddef.h>
-extern size_t strlen (const char*);
+extern size_t strnlen (const char *s, size_t maxlen);
extern PTR malloc (size_t);
extern PTR memcpy (PTR, const PTR, size_t);
@@ -41,10 +41,7 @@ char *
strndup (const char *s, size_t n)
{
char *result;
- size_t len = strlen (s);
-
- if (n < len)
- len = n;
+ size_t len = strnlen (s, n);
result = (char *) malloc (len + 1);
if (!result)
diff --git a/libiberty/xstrndup.c b/libiberty/xstrndup.c
index 0a41f608ec0b..c3d2d833902e 100644
--- a/libiberty/xstrndup.c
+++ b/libiberty/xstrndup.c
@@ -48,10 +48,7 @@ char *
xstrndup (const char *s, size_t n)
{
char *result;
- size_t len = strlen (s);
-
- if (n < len)
- len = n;
+ size_t len = strnlen (s, n);
result = XNEWVEC (char, len + 1);
--
GitLab