From 81e40f3ae4a35b55ff2733a73d48a2f063aa5721 Mon Sep 17 00:00:00 2001 From: Matthew Malcomson Date: Tue, 5 Nov 2019 15:35:15 +0000 Subject: [PATCH] [aarch64] Allocate space for err_str in aarch64_handle_attr_branch_protection -fsanitize=hwaddress found a one-byte overwrite when running the testsuite here. aarch64_handle_attr_branch_protection allocates `strlen(str)` bytes for an error string, which is populated by `strcpy(..., str)` in the case where the branch protection string is completely invalid. Not tested -- I don't want to re-build and it seems obvious. gcc/ChangeLog: 2019-11-05 Matthew Malcomson * config/aarch64/aarch64.c (aarch64_handle_attr_cpu): Allocate enough bytes for the NULL character. From-SVN: r277845 --- gcc/ChangeLog | 5 +++++ gcc/config/aarch64/aarch64.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/gcc/ChangeLog b/gcc/ChangeLog index ca42d43f9ec..320b4923db9 100644 --- a/gcc/ChangeLog +++ b/gcc/ChangeLog @@ -1,3 +1,8 @@ +2019-11-05 Matthew Malcomson + + * config/aarch64/aarch64.c (aarch64_handle_attr_cpu): Allocate + enough bytes for the NULL character. + 2019-11-05 Richard Biener PR tree-optimization/92280 diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c index f28fe804761..1dfff331a5a 100644 --- a/gcc/config/aarch64/aarch64.c +++ b/gcc/config/aarch64/aarch64.c @@ -14156,7 +14156,7 @@ aarch64_handle_attr_cpu (const char *str) static bool aarch64_handle_attr_branch_protection (const char* str) { - char *err_str = (char *) xmalloc (strlen (str)); + char *err_str = (char *) xmalloc (strlen (str) + 1); enum aarch64_parse_opt_result res = aarch64_parse_branch_protection (str, &err_str); bool success = false; -- 2.30.2