From e919ffcee7037df29e4e65d2c665ec3498c6f963 Mon Sep 17 00:00:00 2001
From: krebbel
Date: Fri, 29 Jul 2016 08:04:01 +0000
Subject: [PATCH] gfortran: Fix allocation of diagnostig string (was too small).

The attached patch fixes an out of bound write to memory allocated with alloca() on the stack. This rarely ever happened because on one hand -fbounds-check needs to be enabled, and on the other hand alloca() used to allocate a few bytes extra most of the time so most of the time the excess write did no harm.
gcc/fortran/ChangeLog:
* trans-array.c (gfc_conv_array_ref): Fix allocation of diagnostic message (was too small).
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@238849 138bc75d-0d04-0410-961f-82ee72b054a4
---
 gcc/fortran/ChangeLog | 5 +++++
 gcc/fortran/trans-array.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/gcc/fortran/ChangeLog b/gcc/fortran/ChangeLog
index b9ca1065b18c..e8f8a81aeb9b 100644
--- a/gcc/fortran/ChangeLog
+++ b/gcc/fortran/ChangeLog
@@ -1,3 +1,8 @@
+2016-07-29 Dominik Vogt
+
+ * trans-array.c (gfc_conv_array_ref): Fix allocation of diagnostic
+ message (was too small).
+
 2016-07-28 Steven G. Kargl
 
 PR fortran/71067
diff --git a/gcc/fortran/trans-array.c b/gcc/fortran/trans-array.c
index e95c8dd82353..7572755a7a6d 100644
--- a/gcc/fortran/trans-array.c
+++ b/gcc/fortran/trans-array.c
@@ -3332,7 +3332,7 @@ gfc_conv_array_ref (gfc_se * se, gfc_array_ref * ar, gfc_expr *expr,
 if (ref->type == REF_ARRAY && &ref->u.ar == ar)
 break;
 if (ref->type == REF_COMPONENT)
- len += 1 + strlen (ref->u.c.component->name);
+ len += 2 + strlen (ref->u.c.component->name);
 }
 
 var_name = XALLOCAVEC (char, len);
-- 
2.47.3
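Review bot: The `2` in `len += 2 + strlen (ref->u.c.component->name);` is a bare constant that must equal the number of bytes written ahead of each component name when `var_name` is filled, and that writing code is outside the hunk, so nothing visible here keeps the two in step. Because the buffer comes from `XALLOCAVEC`, any future mismatch is again a stack overrun that, as the commit message notes, alloca() slack will usually hide. I would document the coupling on the line, e.g. `/* 2 = length of the separator written before each component name below.  */`, or, if the separator is a string literal in the fill loop, size from that literal so both places share one definition. The patch also adds no regression test; a case built with -fbounds-check that reaches this path through a derived-type component reference would help keep the sizing honest. The enclosing loop and the rest of gfc_conv_array_ref start and end outside the hunk.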