[aarch64] Allocate space for err_str in aarch64_handle_attr_branch_protection

-fsanitize=hwaddress found a one-byte overwrite when running the
testsuite here.  aarch64_handle_attr_branch_protection allocates
`strlen(str)` bytes for an error string, which is populated by
`strcpy(..., str)` in the case where the branch protection string is
completely invalid.

Not tested -- I don't want to re-build and it seems obvious.

gcc/ChangeLog:

2019-11-05  Matthew Malcomson  <matthew.malcomson@arm.com>

	* config/aarch64/aarch64.c (aarch64_handle_attr_cpu): Allocate
	enough bytes for the NULL character.

From-SVN: r277845

diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index ca42d43..320b492 100644 (file)
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,8 @@
+2019-11-05  Matthew Malcomson  <matthew.malcomson@arm.com>
+
+       * config/aarch64/aarch64.c (aarch64_handle_attr_cpu): Allocate
+       enough bytes for the NULL character.
+
 2019-11-05  Richard Biener  <rguenther@suse.de>
 
        PR tree-optimization/92280

diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c
index f28fe80..1dfff33 100644 (file)
--- a/gcc/config/aarch64/aarch64.c
+++ b/gcc/config/aarch64/aarch64.c
@@ -14156,7 +14156,7 @@ aarch64_handle_attr_cpu (const char *str)
  static bool
  aarch64_handle_attr_branch_protection (const char* str)
  {
-  char *err_str = (char *) xmalloc (strlen (str));
+  char *err_str = (char *) xmalloc (strlen (str) + 1);
   enum aarch64_parse_opt_result res = aarch64_parse_branch_protection (str,
                                                                      &err_str);
   bool success = false;