aarch64: fix use-after-free in -march=native (PR driver/89014)

Running:
  $ valgrind ./xgcc -B. -c test.c -march=native
on aarch64 shows a use-after-free in host_detect_local_cpu due
to the std::string result of aarch64_get_extension_string_for_isa_flags
only living until immediately after a c_str call.

This leads to corrupt "-march=" values being passed to cc1.

This patch fixes the use-after-free, though it appears to also need
Tamar's patch here:
  https://gcc.gnu.org/ml/gcc-patches/2018-12/msg01302.html
in order to generate valid values for cc1.  This may have worked by
accident in the past, if the corrupt "-march=" value happened to be
0-terminated in the "right" place; with this patch it now appears
to reliably break without Tamar's patch.

gcc/ChangeLog:
	PR driver/89014
	* config/aarch64/driver-aarch64.c (host_detect_local_cpu): Fix
	use-after-free of the result of
	aarch64_get_extension_string_for_isa_flags.

From-SVN: r268189

diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index 401b81d..312a04f 100644 (file)
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,10 @@
+2019-01-23  David Malcolm  <dmalcolm@redhat.com>
+
+       PR driver/89014
+       * config/aarch64/driver-aarch64.c (host_detect_local_cpu): Fix
+       use-after-free of the result of
+       aarch64_get_extension_string_for_isa_flags.
+
 2019-01-23  Jakub Jelinek  <jakub@redhat.com>
 
        PR c/44715

diff --git a/gcc/config/aarch64/driver-aarch64.c b/gcc/config/aarch64/driver-aarch64.c
index 2bf1f9a..100e0c3 100644 (file)
--- a/gcc/config/aarch64/driver-aarch64.c
+++ b/gcc/config/aarch64/driver-aarch64.c
@@ -178,7 +178,6 @@ host_detect_local_cpu (int argc, const char **argv)
   unsigned int variants[2] = { ALL_VARIANTS, ALL_VARIANTS };
   unsigned int n_variants = 0;
   bool processed_exts = false;
-  const char *ext_string = "";
   unsigned long extension_flags = 0;
   unsigned long default_flags = 0;
 
@@ -348,11 +347,12 @@ host_detect_local_cpu (int argc, const char **argv)
   if (tune)
     return res;
 
-  ext_string
-    = aarch64_get_extension_string_for_isa_flags (extension_flags,
-                                                 default_flags).c_str ();
-
-  res = concat (res, ext_string, NULL);
+  {
+    std::string extension
+      = aarch64_get_extension_string_for_isa_flags (extension_flags,
+                                                   default_flags);
+    res = concat (res, extension.c_str (), NULL);
+  }
 
   return res;