From dad495e30135904b0d0305eab8c0ce5f838440d4 Mon Sep 17 00:00:00 2001 From: "Maciej W. Rozycki" Date: Tue, 18 Jan 2022 19:39:13 +0000 Subject: [PATCH] RISC-V: Fix use-after-free error in `parse_multiletter_ext' Avoid undefined arithmetic involving a pointer to a heap allocation that has been freed and move a problematic calculation ahead of the following call to `free' in `riscv_subset_list::parse_multiletter_ext', removing a compilation error: .../gcc/common/config/riscv/riscv-common.cc: In member function 'const char* riscv_subset_list::parse_multiletter_ext(const char*, const char*, const char*)': .../gcc/common/config/riscv/riscv-common.cc:905:27: error: pointer 'subset' used after 'void free(void*)' [-Werror=use-after-free] 905 | p += end_of_version - subset; | ~~~~~~~~~~~~~~~^~~~~~~~ .../gcc/common/config/riscv/riscv-common.cc:904:12: note: call to 'void free(void*)' here 904 | free (subset); | ~~~~~^~~~~~~~ cc1plus: all warnings being treated as errors make[2]: *** [Makefile:2428: riscv-common.o] Error 1 and a build regression from commit 671a283636de ("Add -Wuse-after-free [PR80532]."). gcc/ * common/config/riscv/riscv-common.cc (riscv_subset_list::parse_multiletter_ext): Move pointer arithmetic ahead of `free'. --- gcc/common/config/riscv/riscv-common.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gcc/common/config/riscv/riscv-common.cc b/gcc/common/config/riscv/riscv-common.cc index 004822bfe6ca..25f56707d949 100644 --- a/gcc/common/config/riscv/riscv-common.cc +++ b/gcc/common/config/riscv/riscv-common.cc @@ -901,8 +901,8 @@ riscv_subset_list::parse_multiletter_ext (const char *p, } add (subset, major_version, minor_version, explicit_version_p, false); - free (subset); p += end_of_version - subset; + free (subset); if (*p != '\0' && *p != '_') { -- 2.47.2