https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71063
ktkachov at gcc dot gnu.org changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
             Status|NEW                           |ASSIGNED
           Assignee|unassigned at gcc dot gnu.org |ktkachov at gcc dot gnu.org

--- Comment #2 from ktkachov at gcc dot gnu.org ---
The bug in opts.c is:

      if (* a == '^')
        {
          ++ a;
          pflags = & exclude_flags;
        }
      else
        pflags = & include_flags;

      comma = strchr (a, ',');
      if (comma == NULL)
        len = strlen (a);
      else
        len = comma - a;
      if (len == 0)
        {
          a = comma + 1;
          continue;
        }

For "^" a is advanced to "", 'comma' after the strchr is NULL, 'len' is
therefore 0 but then a is set to comma + 1, which is invalid and is
dereferenced at the top of the loop.
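
The loop shape from Comment #2 with the NULL case handled, as an added example that is not part of the bug report and is not GCC's code or its eventual fix. The names help_counts and count_help_items are hypothetical, and the input strings in main are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result type for this example; not a GCC structure. */
struct help_counts { int include; int exclude; int empty; };

/* Walk a comma-separated list in which a leading '^' negates an item.
   Same control flow as the quoted loop, except that comma + 1 is only
   computed after checking that strchr actually found a comma. */
struct help_counts count_help_items(const char *a)
{
    struct help_counts c = {0, 0, 0};

    while (a != NULL && *a != '\0') {
        int *bucket = &c.include;
        const char *comma;
        size_t len;

        if (*a == '^') {
            ++a;
            bucket = &c.exclude;
        }

        comma = strchr(a, ',');
        len = (comma == NULL) ? strlen(a) : (size_t)(comma - a);

        if (len == 0)
            c.empty++;      /* "^" alone, ",," or "^," */
        else
            (*bucket)++;

        if (comma == NULL)  /* last item: stop, never form NULL + 1 */
            break;
        a = comma + 1;
    }
    return c;
}

int main(void)
{
    /* Constructed inputs; the first is the crashing case from the report. */
    const char *samples[] = { "^", "^,optimizers", "target,^joined," };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct help_counts c = count_help_items(samples[i]);
        printf("%-18s include=%d exclude=%d empty=%d\n",
               samples[i], c.include, c.exclude, c.empty);
    }
    return 0;
}
```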