From: Maciej W. Rozycki Date: Tue, 18 Jan 2022 19:39:13 +0000 (+0000) Subject: RISC-V: Fix use-after-free error in `parse_multiletter_ext' X-Git-Tag: basepoints/gcc-13~1617 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dad495e30135904b0d0305eab8c0ce5f838440d4;p=thirdparty%2Fgcc.git RISC-V: Fix use-after-free error in `parse_multiletter_ext' Avoid undefined arithmetic involving a pointer to a heap allocation that has been freed and move a problematic calculation ahead of the following call to `free' in `riscv_subset_list::parse_multiletter_ext', removing a compilation error: .../gcc/common/config/riscv/riscv-common.cc: In member function 'const char* riscv_subset_list::parse_multiletter_ext(const char*, const char*, const char*)': .../gcc/common/config/riscv/riscv-common.cc:905:27: error: pointer 'subset' used after 'void free(void*)' [-Werror=use-after-free] 905 | p += end_of_version - subset; | ~~~~~~~~~~~~~~~^~~~~~~~ .../gcc/common/config/riscv/riscv-common.cc:904:12: note: call to 'void free(void*)' here 904 | free (subset); | ~~~~~^~~~~~~~ cc1plus: all warnings being treated as errors make[2]: *** [Makefile:2428: riscv-common.o] Error 1 and a build regression from commit 671a283636de ("Add -Wuse-after-free [PR80532]."). gcc/ * common/config/riscv/riscv-common.cc (riscv_subset_list::parse_multiletter_ext): Move pointer arithmetic ahead of `free'. --- diff --git a/gcc/common/config/riscv/riscv-common.cc b/gcc/common/config/riscv/riscv-common.cc index 004822bfe6ca..25f56707d949 100644 --- a/gcc/common/config/riscv/riscv-common.cc +++ b/gcc/common/config/riscv/riscv-common.cc @@ -901,8 +901,8 @@ riscv_subset_list::parse_multiletter_ext (const char *p, } add (subset, major_version, minor_version, explicit_version_p, false); - free (subset); p += end_of_version - subset; + free (subset); if (*p != '\0' && *p != '_') {
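Review bot: Nothing in the reordered lines after the `add (...)` call records that `p += end_of_version - subset;` must stay ahead of `free (subset);`, so a later tidy-up could swap them back and reintroduce the arithmetic on a freed pointer. The subtraction implies that `end_of_version` points into the `subset` allocation, and a one-line comment on the `p +=` statement saying so would make the ordering dependency explicit. An alternative that removes the dependency altogether is to compute the offset into a local integer before `add (...)` and use that in `p +=`, leaving `free (subset);` free to move. The hunk also shows `subset` being passed to `add (...)` immediately before it is freed; the visible lines do not show whether `add` copies the string, so it is worth confirming that it does not retain the pointer.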