git.ipfire.org Git - thirdparty/gcc.git/commit

author	Jakub Jelinek <jakub@redhat.com>
	Thu, 22 Feb 2024 12:07:25 +0000 (13:07 +0100)
committer	Jakub Jelinek <jakub@redhat.com>
	Thu, 22 Feb 2024 12:07:25 +0000 (13:07 +0100)
commit	a0782531b8270f0fdb3f3e09b4ce544d5d1eef14
tree	05f7d59929048328130610d2cacbf1ff5db2a91e	tree
parent	7ed800c9c94b57077ba5911974a63bc06a5e1c35	commit \| diff

profile-count: Don't dump through a temporary buffer [PR111960]

The profile_count::dump (char *, struct function * = NULL) const;
method has a single caller, the
profile_count::dump (FILE *f, struct function *fun) const;
method and for that going through a temporary buffer is just slower
and opens doors for buffer overflows, which is exactly why this P1
was filed.
The buffer size is 64 bytes, the previous maximum
"%" PRId64 " (%s)"
would print up to 61 bytes in there (19 bytes for arbitrary uint64_t:61
bitfield printed as signed, "estimated locally, globally 0 adjusted"
i.e. 38 bytes longest %s and 4 other characters).
Now, after the r14-2389 changes, it can be
19 + 38 plus 11 other characters + %.4f, which is worst case
309 chars before decimal point, decimal point and 4 digits after it,
so total 382 bytes.

So, either we could bump the buffer[64] to buffer[400], or the following
patch just drops the indirection through buffer and prints it directly to
stream.  After all, having APIs which fill in some buffer without passing
down the size of the buffer is just asking for buffer overflows over time.

2024-02-22  Jakub Jelinek  <jakub@redhat.com>

PR ipa/111960
* profile-count.h (profile_count::dump): Remove overload with
char * first argument.
* profile-count.cc (profile_count::dump): Change overload with char *
first argument which uses sprintf into the overfload with FILE *
first argument and use fprintf instead.  Remove overload which wrapped
it.

gcc/profile-count.cc		diff \| blob \| blame \| history
gcc/profile-count.h		diff \| blob \| blame \| history