From: Martin Liska <mliska@suse.cz>
Date: Wed, 10 Nov 2021 10:07:15 +0000 (+0100)
Subject: lto-wrapper: fix memory corruption.
X-Git-Tag: basepoints/gcc-13~3193
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c905e7247119878a7e360f58ed75f8a629fa5d1b;p=thirdparty%2Fgcc.git

lto-wrapper: fix memory corruption.

The first argument of merge_and_complain is actually vector where
we merge options and it should be propagated to caller properly.

Fixes:

==6656== Invalid read of size 8
==6656==    at 0x408056: merge_and_complain (lto-wrapper.c:335)
==6656==    by 0x408056: find_and_merge_options(int, long, char const*, vec<cl_decoded_option, va_heap, vl_ptr>, vec<cl_decoded_option, va_heap, vl_ptr>*, char const*) (lto-wrapper.c:1139)
==6656==    by 0x408AFC: run_gcc(unsigned int, char**) (lto-wrapper.c:1505)
==6656==    by 0x4061A2: main (lto-wrapper.c:2138)
==6656==  Address 0x4e69b18 is 344 bytes inside a block of size 1,768 free'd
==6656==    at 0x484339F: realloc (vg_replace_malloc.c:1192)
==6656==    by 0x4993C0: xrealloc (xmalloc.c:181)
==6656==    by 0x406A82: reserve<cl_decoded_option> (vec.h:290)
==6656==    by 0x406A82: reserve (vec.h:1858)
==6656==    by 0x406A82: vec<cl_decoded_option, va_heap, vl_ptr>::safe_push(cl_decoded_option const&) [clone .isra.0] (vec.h:1967)
==6656==    by 0x4077E0: merge_and_complain (lto-wrapper.c:457)
==6656==    by 0x4077E0: find_and_merge_options(int, long, char const*, vec<cl_decoded_option, va_heap, vl_ptr>, vec<cl_decoded_option, va_heap, vl_ptr>*, char const*) (lto-wrapper.c:1139)
==6656==    by 0x408AFC: run_gcc(unsigned int, char**) (lto-wrapper.c:1505)
==6656==    by 0x4061A2: main (lto-wrapper.c:2138)
==6656==  Block was alloc'd at
==6656==    at 0x483E70F: malloc (vg_replace_malloc.c:380)
==6656==    by 0x4993D7: xrealloc (xmalloc.c:179)
==6656==    by 0x407476: reserve<cl_decoded_option> (vec.h:290)
==6656==    by 0x407476: reserve (vec.h:1858)
==6656==    by 0x407476: reserve_exact (vec.h:1878)
==6656==    by 0x407476: create (vec.h:1893)
==6656==    by 0x407476: get_options_from_collect_gcc_options(char const*, char const*) (lto-wrapper.c:163)
==6656==    by 0x407674: find_and_merge_options(int, long, char const*, vec<cl_decoded_option, va_heap, vl_ptr>, vec<cl_decoded_option, va_heap, vl_ptr>*, char const*) (lto-wrapper.c:1132)
==6656==    by 0x408AFC: run_gcc(unsigned int, char**) (lto-wrapper.c:1505)
==6656==    by 0x4061A2: main (lto-wrapper.c:2138)

gcc/ChangeLog:

	* lto-wrapper.c (merge_and_complain): Make the first argument
	a reference type.
---

diff --git a/gcc/lto-wrapper.c b/gcc/lto-wrapper.c
index 7b9e4883f38e..54f642d76924 100644
--- a/gcc/lto-wrapper.c
+++ b/gcc/lto-wrapper.c
@@ -224,7 +224,7 @@ merge_flto_options (vec<cl_decoded_option> &decoded_options,
    ontop of DECODED_OPTIONS.  */
 
 static void
-merge_and_complain (vec<cl_decoded_option> decoded_options,
+merge_and_complain (vec<cl_decoded_option> &decoded_options,
 		    vec<cl_decoded_option> fdecoded_options,
 		    vec<cl_decoded_option> decoded_cl_options)
 {