projects / platform / upstream / gcc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6d33168) | patch
lto-wrapper: fix memory corruption.
authorMartin Liska <mliska@suse.cz>
Wed, 10 Nov 2021 10:07:15 +0000 (11:07 +0100)
committerMartin Liska <mliska@suse.cz>
Wed, 10 Nov 2021 12:43:24 +0000 (13:43 +0100)
commitc905e7247119878a7e360f58ed75f8a629fa5d1b
tree8c2caefc534090b972a70c64e55101788e017350tree | snapshot
parent6d331688fcb69e9aae84bb94cb7cc54641a90ab6commit | diff
lto-wrapper: fix memory corruption.

The first argument of merge_and_complain is actually vector where
we merge options and it should be propagated to caller properly.

Fixes:

==6656== Invalid read of size 8
==6656==    at 0x408056: merge_and_complain (lto-wrapper.c:335)
==6656==    by 0x408056: find_and_merge_options(int, long, char const*, vec<cl_decoded_option, va_heap, vl_ptr>, vec<cl_decoded_option, va_heap, vl_ptr>*, char const*) (lto-wrapper.c:1139)
==6656==    by 0x408AFC: run_gcc(unsigned int, char**) (lto-wrapper.c:1505)
==6656==    by 0x4061A2: main (lto-wrapper.c:2138)
==6656==  Address 0x4e69b18 is 344 bytes inside a block of size 1,768 free'd
==6656==    at 0x484339F: realloc (vg_replace_malloc.c:1192)
==6656==    by 0x4993C0: xrealloc (xmalloc.c:181)
==6656==    by 0x406A82: reserve<cl_decoded_option> (vec.h:290)
==6656==    by 0x406A82: reserve (vec.h:1858)
==6656==    by 0x406A82: vec<cl_decoded_option, va_heap, vl_ptr>::safe_push(cl_decoded_option const&) [clone .isra.0] (vec.h:1967)
==6656==    by 0x4077E0: merge_and_complain (lto-wrapper.c:457)
==6656==    by 0x4077E0: find_and_merge_options(int, long, char const*, vec<cl_decoded_option, va_heap, vl_ptr>, vec<cl_decoded_option, va_heap, vl_ptr>*, char const*) (lto-wrapper.c:1139)
==6656==    by 0x408AFC: run_gcc(unsigned int, char**) (lto-wrapper.c:1505)
==6656==    by 0x4061A2: main (lto-wrapper.c:2138)
==6656==  Block was alloc'd at
==6656==    at 0x483E70F: malloc (vg_replace_malloc.c:380)
==6656==    by 0x4993D7: xrealloc (xmalloc.c:179)
==6656==    by 0x407476: reserve<cl_decoded_option> (vec.h:290)
==6656==    by 0x407476: reserve (vec.h:1858)
==6656==    by 0x407476: reserve_exact (vec.h:1878)
==6656==    by 0x407476: create (vec.h:1893)
==6656==    by 0x407476: get_options_from_collect_gcc_options(char const*, char const*) (lto-wrapper.c:163)
==6656==    by 0x407674: find_and_merge_options(int, long, char const*, vec<cl_decoded_option, va_heap, vl_ptr>, vec<cl_decoded_option, va_heap, vl_ptr>*, char const*) (lto-wrapper.c:1132)
==6656==    by 0x408AFC: run_gcc(unsigned int, char**) (lto-wrapper.c:1505)
==6656==    by 0x4061A2: main (lto-wrapper.c:2138)

gcc/ChangeLog:

* lto-wrapper.c (merge_and_complain): Make the first argument
a reference type.
gcc/lto-wrapper.c diff | blob | history
Domain: System / Toolchain;