gcc7: fix potential segmentation fault

Under some rare circumstances we may end up with GCC segmentation fault.
This was observed with versions of sysmacros.h, which contain macros
with embedded warning messages :

When trying to actually display the warning, we may end up with a segmentation
fault instead. The reason is the actual warning message gets parsed (the text is
unquoted) and words in the message such as "not", "and" etc. are interpreted as
operators CPP_NOT, CPP_AND. When the time comes to display the warning, the code
uses wrong structure to access the "name" corresponding to the operators.

[YOCTO #11738]

Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

diff --git a/meta/recipes-devtools/gcc/gcc-7.1.inc b/meta/recipes-devtools/gcc/gcc-7.1.inc
index 3f1c06dafd6d430dfb5246cae0ad9724be39a238..2d9ca82de9786ac6cab43daf609acdcac5d85b8c 100644 (file)
--- a/meta/recipes-devtools/gcc/gcc-7.1.inc
+++ b/meta/recipes-devtools/gcc/gcc-7.1.inc
@@ -75,6 +75,7 @@ SRC_URI = "\
            file://0048-gcc-Enable-static-PIE.patch \
            file://0049-libsanitizer-Use-stack_t-instead-of-struct-sigaltsta.patch \
            file://0050-replace-struct-ucontext-with-ucontext_t.patch \
+           file://fix-segmentation-fault-precompiled-hdr.patch \
            ${BACKPORTS} \
 "
 BACKPORTS = "\

diff --git a/meta/recipes-devtools/gcc/gcc-7.1/fix-segmentation-fault-precompiled-hdr.patch b/meta/recipes-devtools/gcc/gcc-7.1/fix-segmentation-fault-precompiled-hdr.patch
new file mode 100644 (file)
index 0000000..c0adef6
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-7.1/fix-segmentation-fault-precompiled-hdr.patch
@@ -0,0 +1,49 @@
+
+Prevent a segmentation fault which occurs when using incorrect
+structure trying to access name of some named operators, such as 
+CPP_NOT, CPP_AND etc. "token->val.node.spelling" cannot be used in
+those cases, as is may not be initialized at all.
+
+
+[YOCTO #11738]
+
+Upstream-Status: Pending
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+diff --git a/libcpp/lex.c b/libcpp/lex.c
+--- a/libcpp/lex.c
++++ b/libcpp/lex.c
+@@ -3229,11 +3229,27 @@
+     spell_ident:
+     case SPELL_IDENT:
+       if (forstring)
+-      {
+-        memcpy (buffer, NODE_NAME (token->val.node.spelling),
+-                NODE_LEN (token->val.node.spelling));
+-        buffer += NODE_LEN (token->val.node.spelling);
+-      }
++        {
++          if (token->type == CPP_NAME)
++            {
++              memcpy (buffer, NODE_NAME (token->val.node.spelling),
++                    NODE_LEN (token->val.node.spelling));
++              buffer += NODE_LEN (token->val.node.spelling);
++              break;
++            }
++          /* NAMED_OP, cannot use node.spelling */
++          if (token->flags & NAMED_OP)
++            {
++              const char *str = cpp_named_operator2name (token->type);
++              if (str)
++                {
++                  size_t len = strlen(str);
++                  memcpy(buffer, str, len);
++                  buffer += len;
++                }
++              break;
++            }
++        }
+       else
+       buffer = _cpp_spell_ident_ucns (buffer, token->val.node.node);
+       break;