From: Dmitriy Vyukov Date: Wed, 14 May 2014 15:24:00 +0000 (+0400) Subject: cmd/gc: fix out of bounds access X-Git-Tag: go1.3beta2~72 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=8c2fefe89cbc9fa64e600c400d127905e3c375a5;p=gostls13.git cmd/gc: fix out of bounds access AddressSanitizer says: AddressSanitizer: heap-buffer-overflow on address 0x60200001b6f3 READ of size 6 at 0x60200001b6f3 thread T0 #0 0x46741b in __interceptor_memcmp asan_interceptors.cc:337 #1 0x4b5794 in compile src/cmd/6g/../gc/pgen.c:177 #2 0x509b81 in funccompile src/cmd/gc/dcl.c:1457 #3 0x520fe2 in p9main src/cmd/gc/lex.c:489 #4 0x5e2e01 in main src/lib9/main.c:57 #5 0x7fab81f7976c in __libc_start_main /build/buildd/eglibc-2.15/csu/libc-start.c:226 #6 0x4b16dc in _start (pkg/tool/linux_amd64/6g+0x4b16dc) 0x60200001b6f3 is located 0 bytes to the right of 3-byte region [0x60200001b6f0,0x60200001b6f3) allocated by thread T0 here: #0 0x493ec8 in __interceptor_malloc asan_malloc_linux.cc:75 #1 0x54d64e in mal src/cmd/gc/subr.c:459 #2 0x5260d5 in yylex src/cmd/gc/lex.c:1605 #3 0x52078f in p9main src/cmd/gc/lex.c:402 #4 0x5e2e01 in main src/lib9/main.c:57 If the memory block happens to be at the end of hunk and page bounadry, this out-of-bounds can lead to a crash. LGTM=dave, iant R=golang-codereviews, dave, iant CC=golang-codereviews https://golang.org/cl/93370043 --- diff --git a/src/cmd/gc/pgen.c b/src/cmd/gc/pgen.c index 2c986bb94c..40620c3dad 100644 --- a/src/cmd/gc/pgen.c +++ b/src/cmd/gc/pgen.c @@ -174,7 +174,7 @@ compile(Node *fn) lno = setlineno(fn); if(fn->nbody == nil) { - if(pure_go || memcmp(fn->nname->sym->name, "init·", 6) == 0) + if(pure_go || strncmp(fn->nname->sym->name, "init·", 6) == 0) yyerror("missing function body", fn); goto ret; }