Running:
$ valgrind ./xgcc -B. -c test.c -march=native
on aarch64 shows a use-after-free in host_detect_local_cpu due
to the std::string result of aarch64_get_extension_string_for_isa_flags
only living until immediately after a c_str call.
This leads to corrupt "-march=" values being passed to cc1.
This patch fixes the use-after-free, though it appears to also need
Tamar's patch here:
https://gcc.gnu.org/ml/gcc-patches/2018-12/msg01302.html
in order to generate valid values for cc1. This may have worked by
accident in the past, if the corrupt "-march=" value happened to be
0-terminated in the "right" place; with this patch it now appears
to reliably break without Tamar's patch.
gcc/ChangeLog:
PR driver/89014
* config/aarch64/driver-aarch64.c (host_detect_local_cpu): Fix
use-after-free of the result of
aarch64_get_extension_string_for_isa_flags.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@268189 138bc75d-0d04-0410-961f-82ee72b054a4
+2019-01-23 David Malcolm <dmalcolm@redhat.com>
+
+ PR driver/89014
+ * config/aarch64/driver-aarch64.c (host_detect_local_cpu): Fix
+ use-after-free of the result of
+ aarch64_get_extension_string_for_isa_flags.
+
2019-01-23 Jakub Jelinek <jakub@redhat.com>
PR c/44715
unsigned int variants[2] = { ALL_VARIANTS, ALL_VARIANTS };
unsigned int n_variants = 0;
bool processed_exts = false;
- const char *ext_string = "";
unsigned long extension_flags = 0;
unsigned long default_flags = 0;
if (tune)
return res;
- ext_string
- = aarch64_get_extension_string_for_isa_flags (extension_flags,
- default_flags).c_str ();
-
- res = concat (res, ext_string, NULL);
+ {
+ std::string extension
+ = aarch64_get_extension_string_for_isa_flags (extension_flags,
+ default_flags);
+ res = concat (res, extension.c_str (), NULL);
+ }
return res;
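Review bot: in the new braced block before the final `return res;`, nothing records why `extension` must be a named local, so a later cleanup could go back to storing the `.c_str ()` result in a `const char *` and reintroduce the dangling pointer. A one-line comment above `std::string extension`, for example `/* Keep the std::string alive until concat has copied its contents.  */`, would document the lifetime requirement. The fix itself looks sound: `extension` outlives the `concat` call, and `res` no longer refers to storage owned by the temporary.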