From 30c335ac44ecb4f17645925360177618763d7c48 Mon Sep 17 00:00:00 2001
From: Bill Schmidt <wschmidt@linux.ibm.com>
Date: Thu, 19 Aug 2021 16:07:55 -0500
Subject: [PATCH] rs6000: Avoid buffer overruns

2021-08-19  Bill Schmidt  <wschmidt@linux.ibm.com>

gcc/
	PR target/101830
	* config/rs6000/rs6000-gen-builtins.c (consume_whitespace):
	Diagnose buffer overrun.
	(safe_inc_pos): Fix overrun detection.
	(match_identifier): Diagnose buffer overrun.
	(match_integer): Likewise.
	(match_to_right_bracket): Likewise.
---
 gcc/config/rs6000/rs6000-gen-builtins.c | 34 +++++++++++++++++++++++++++++----
 1 file changed, 30 insertions(+), 4 deletions(-)

diff --git a/gcc/config/rs6000/rs6000-gen-builtins.c b/gcc/config/rs6000/rs6000-gen-builtins.c
index e5d3b71..05b2d29 100644
--- a/gcc/config/rs6000/rs6000-gen-builtins.c
+++ b/gcc/config/rs6000/rs6000-gen-builtins.c
@@ -597,6 +597,13 @@ consume_whitespace (void)
 {
   while (pos < LINELEN && isspace(linebuf[pos]) && linebuf[pos] != '\n')
     pos++;
+
+  if (pos >= LINELEN)
+    {
+      diag ("line length overrun at %d.\n", pos);
+      exit (1);
+    }
+
   return;
 }
 
@@ -623,7 +630,7 @@ advance_line (FILE *file)
 static inline void
 safe_inc_pos (void)
 {
-  if (pos++ >= LINELEN)
+  if (++pos >= LINELEN)
     {
       (*diag) ("line length overrun.\n");
       exit (1);
@@ -636,9 +643,16 @@ static char *
 match_identifier (void)
 {
   int lastpos = pos - 1;
-  while (isalnum (linebuf[lastpos + 1]) || linebuf[lastpos + 1] == '_')
+  while (lastpos < LINELEN - 1
+	 && (isalnum (linebuf[lastpos + 1]) || linebuf[lastpos + 1] == '_'))
     ++lastpos;
 
+  if (lastpos >= LINELEN - 1)
+    {
+      diag ("line length overrun at %d.\n", lastpos);
+      exit (1);
+    }
+
   if (lastpos < pos)
     return 0;
 
@@ -660,9 +674,15 @@ match_integer (void)
     safe_inc_pos ();
 
   int lastpos = pos - 1;
-  while (isdigit (linebuf[lastpos + 1]))
+  while (lastpos < LINELEN - 1 && isdigit (linebuf[lastpos + 1]))
     ++lastpos;
 
+  if (lastpos >= LINELEN - 1)
+    {
+      diag ("line length overrun at %d.\n", lastpos);
+      exit (1);
+    }
+
   if (lastpos < pos)
     return NULL;
 
@@ -680,7 +700,7 @@ static const char *
 match_to_right_bracket (void)
 {
   int lastpos = pos - 1;
-  while (linebuf[lastpos + 1] != ']')
+  while (lastpos < LINELEN - 1 && linebuf[lastpos + 1] != ']')
     {
       if (linebuf[lastpos + 1] == '\n')
 	{
@@ -690,6 +710,12 @@ match_to_right_bracket (void)
       ++lastpos;
     }
 
+  if (lastpos >= LINELEN - 1)
+    {
+      diag ("line length overrun at %d.\n", lastpos);
+      exit (1);
+    }
+
   if (lastpos < pos)
     return 0;
 
-- 
2.7.4