https://gcc.gnu.org/g:7bcef7532b10040bb82567136a208d0c4560767d

commit r15-1998-g7bcef7532b10040bb82567136a208d0c4560767d
Author: Richard Sandiford <richard.sandif...@arm.com>
Date:   Fri Jul 12 10:30:22 2024 +0100

    aarch64: Avoid alloca in target attribute parsing
    
    The handling of the target attribute used alloca to allocate
    a copy of unverified user input, which could exhaust the stack
    if the input is too long.  This patch converts it to auto_vecs
    instead.
    
    I wondered about converting it to use std::string, which we
    already use elsewhere, but that would be more invasive and
    controversial.
    
    gcc/
            * config/aarch64/aarch64.cc (aarch64_process_one_target_attr)
            (aarch64_process_target_attr): Avoid alloca.

Diff:
---
 gcc/config/aarch64/aarch64.cc | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
index 7f0cc47d0f07..0d41a193ec18 100644
--- a/gcc/config/aarch64/aarch64.cc
+++ b/gcc/config/aarch64/aarch64.cc
@@ -19405,8 +19405,10 @@ aarch64_process_one_target_attr (char *arg_str)
       return false;
     }
 
-  char *str_to_check = (char *) alloca (len + 1);
-  strcpy (str_to_check, arg_str);
+  auto_vec<char, 32> buffer;
+  buffer.safe_grow (len + 1);
+  char *str_to_check = buffer.address ();
+  memcpy (str_to_check, arg_str, len + 1);
 
   /* We have something like __attribute__ ((target ("+fp+nosimd"))).
      It is easier to detect and handle it explicitly here rather than going
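Review bot: `buffer.safe_grow (len + 1)` would narrow the length if vec's `safe_grow` takes an `unsigned` count (as I believe vec.h declares it), while the `memcpy` on the following line still copies the full `len + 1` bytes, so for a string longer than UINT_MAX the buffer would be smaller than the copy. Such an input is probably not reachable in practice, but since the commit is about unverified attribute strings, an explicit bound before the allocation would make that certain, e.g. `if (len >= UINT_MAX) return false;` with a diagnostic in the style of the error path just above. The same pair of lines appears in the aarch64_process_target_attr hunk, where `len` is visibly a `size_t`. The declaration of `len` and the rest of this function lie outside the hunk.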
@@ -19569,8 +19571,10 @@ aarch64_process_target_attr (tree args)
     }
 
   size_t len = strlen (TREE_STRING_POINTER (args));
-  char *str_to_check = (char *) alloca (len + 1);
-  strcpy (str_to_check, TREE_STRING_POINTER (args));
+  auto_vec<char, 32> buffer;
+  buffer.safe_grow (len + 1);
+  char *str_to_check = buffer.address ();
+  memcpy (str_to_check, TREE_STRING_POINTER (args), len + 1);
 
   if (len == 0)
     {
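Review bot: Nothing at the new allocation records why a heap-capable buffer replaced the stack allocation, so a later cleanup could reintroduce `alloca` here. A short comment above `auto_vec<char, 32> buffer;` would preserve the reason, for example `/* The attribute string is unverified user input; do not size a stack allocation from it.  */`. The same comment fits the identical lines in aarch64_process_one_target_attr. The copy is also made before the `if (len == 0)` test at the end of the hunk, which is harmless but could move below it; the function continues outside the hunk.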
