gfortran: Fix allocation of diagnostig string (was too small).

The attached patch fixes an out of bound write to memory allocated
with alloca() on the stack.  This rarely ever happened because on
one hand -fbounds-check needs to be enabled, and on the other hand
alloca() used to allocate a few bytes extra most of the time so
most of the time the excess write did no harm.

gcc/fortran/ChangeLog:

	* trans-array.c (gfc_conv_array_ref): Fix allocation of diagnostic
	message (was too small).

From-SVN: r238849

diff --git a/gcc/fortran/ChangeLog b/gcc/fortran/ChangeLog
index b9ca1065b18c104ff8222194c968d38d16d8a64c..e8f8a81aeb9b95e2c215b5501c9ee54b88b0d7f9 100644 (file)
--- a/gcc/fortran/ChangeLog
+++ b/gcc/fortran/ChangeLog
@@ -1,3 +1,8 @@
+2016-07-29  Dominik Vogt  <vogt@linux.vnet.ibm.com>
+
+       * trans-array.c (gfc_conv_array_ref): Fix allocation of diagnostic
+       message (was too small).
+
 2016-07-28  Steven G. Kargl  <kargl@gcc.gnu.org>
 
        PR fortran/71067

diff --git a/gcc/fortran/trans-array.c b/gcc/fortran/trans-array.c
index e95c8dd82353ea3c785d05bcde253415151dbcdc..7572755a7a6ddcf1eb69ec5753dea9b50b043420 100644 (file)
--- a/gcc/fortran/trans-array.c
+++ b/gcc/fortran/trans-array.c
@@ -3332,7 +3332,7 @@ gfc_conv_array_ref (gfc_se * se, gfc_array_ref * ar, gfc_expr *expr,
          if (ref->type == REF_ARRAY && &ref->u.ar == ar)
            break;
          if (ref->type == REF_COMPONENT)
-           len += 1 + strlen (ref->u.c.component->name);
+           len += 2 + strlen (ref->u.c.component->name);
        }
 
       var_name = XALLOCAVEC (char, len);