Source: gcc-9
Severity: important

Hello!
Recently, we have observed strange crashes of gcc-9 while building src:linux on sh4 [1]. Michael Karcher has debugged the problem and found that this is a buffer overflow introduced by the patch gcc-search-prefixed-as-ld.diff. The backtrace is:

Core was generated by `gcc -v -pipe -m4 -m4-nofpu hello.c'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x296993e6 in memcpy () from /lib/sh4-linux-gnu/libc.so.6
(gdb) bt
#0  0x296993e6 in memcpy () from /lib/sh4-linux-gnu/libc.so.6
#1  0x00405ade in file_at_path (path=0x29892fb0 "/usr/lib/gcc/sh4-linux-gnu/9/../../../../sh4-linux-gnu/bin/sh4-linux-gnu/9/sh4-l", data=0x7b901400) at ../../src/gcc/gcc.c:2943
#2  0x00405b80 in file_at_path (path=0x29892fb0 "/usr/lib/gcc/sh4-linux-gnu/9/../../../../sh4-linux-gnu/bin/sh4-linux-gnu/9/sh4-l", data=0x7b9014a0) at ../../src/gcc/gcc.c:2936
#3  0x00404d0e in for_each_path (paths=0x4e8520 <exec_prefixes>, do_multi=<optimized out>, extra_space=2, callback=0x405a88 <file_at_path(char*, void*)>, callback_info=0x7b9014a0) at ../../src/gcc/gcc.c:2724
#4  0x0040680c in find_a_file (pprefix=<optimized out>, name=0x29828240 "as", mode=1, do_multi=<optimized out>) at ../../src/gcc/gcc.c:2999
#5  0x00409e86 in execute () at ../../src/gcc/gcc.c:3200
#6  0x0040ff14 in driver::do_spec_on_infiles (this=0x7b9015f8) at ../../src/gcc/gcc.c:8377
#7  0x00403b60 in driver::main (this=0x7b9015f8, argc=<optimized out>, argv=<optimized out>) at ../../src/gcc/gcc.c:7601
#8  0x00403dd4 in main (argc=6, argv=0x7b901694) at ../../src/gcc/gcc-main.c:47
(gdb)

See also [2].

The issue is fixed by replacing line 9 in [3] with:

+  len += strlen (DEFAULT_REAL_TARGET_MACHINE) + 2; /* triplet prefix for as, ld. */

I assume it's just pure luck the issue doesn't show on other architectures.
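Review bot: the comment on the replacement line, "triplet prefix for as, ld", explains the strlen (DEFAULT_REAL_TARGET_MACHINE) term but not the constant 2; say which two bytes it reserves so the next reader can check the budget against the bytes file_at_path actually writes, e.g. `/* "<triplet>-" in front of as/ld, plus <which byte> */`. The backtrace also shows for_each_path called with extra_space=2, so it is worth a sentence stating that the new term is additional to that existing allowance rather than duplicating it.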
Thanks,
Adrian

[1] https://buildd.debian.org/status/fetch.php?pkg=linux&arch=sh4&ver=5.3.15-1&stamp=1575738446&raw=0
[2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92946
[3] https://sources.debian.org/src/gcc-9/9.2.1-21/debian/patches/gcc-search-prefixed-as-ld.diff/

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-    GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
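The bug class in the report, a buffer whose size budget is computed before the write and omits one component (here the "<triplet>-" prefix put in front of the tool name) that the write later includes, as an added C example. This is not code from the bug report, from gcc.c or from the Debian patch: the directory string, the MACHINE constant, the "<dir>/<machine>-<tool>" layout and all function names are constructed stand-ins chosen to make the arithmetic visible. The budget with count_triplet=0 models the unpatched length computation, the one with count_triplet=1 models the fix, and overrun_bytes reports how far the write would run past each budget without ever performing the unsafe write.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the values in the report. This is not gcc's
   code: gcc.c sizes its scratch buffer differently, and the layout below is
   only meant to show the class of bug (a length budget that omits a
   component the later write includes). */
#define MACHINE      "sh4-linux-gnu"
#define EXAMPLE_DIR  "/usr/lib/gcc/sh4-linux-gnu/9/../../../../sh4-linux-gnu/bin"

/* Bytes (NUL included) that "<dir>/<machine>-<tool>" really occupies. */
static size_t needed_prefixed_tool(const char *dir, const char *tool)
{
    return strlen(dir) + 1 + strlen(MACHINE) + 1 + strlen(tool) + 1;
}

/* Budget computed up front for the buffer, before the write. With
   count_triplet == 0 it reserves room for "<dir>/<tool>" only, although the
   write later puts "<machine>-" in front of the tool name; that gap is the
   overflow. With count_triplet == 1 the triplet and its '-' are counted. */
static size_t buffer_budget(const char *dir, const char *tool, int count_triplet)
{
    size_t len = strlen(dir) + 1 + strlen(tool) + 1;
    if (count_triplet)
        len += strlen(MACHINE) + 1;
    return len;
}

/* Bytes by which the formatted path would overrun a buffer of 'cap' bytes,
   or 0 when it fits. Pure arithmetic, so it is safe to run on any input. */
static size_t overrun_bytes(const char *dir, const char *tool, size_t cap)
{
    size_t need = needed_prefixed_tool(dir, tool);
    return need > cap ? need - cap : 0;
}

/* Safe builder: allocate from the real requirement and let snprintf enforce
   it. Caller frees. Returns NULL on allocation failure. */
static char *build_prefixed_tool(const char *dir, const char *tool)
{
    size_t need = needed_prefixed_tool(dir, tool);
    char *path = malloc(need);
    if (path == NULL)
        return NULL;
    snprintf(path, need, "%s/%s-%s", dir, MACHINE, tool);
    return path;
}

int main(void)
{
    const char *tools[] = { "as", "ld" };
    for (size_t i = 0; i < sizeof tools / sizeof tools[0]; i++) {
        size_t bad  = buffer_budget(EXAMPLE_DIR, tools[i], 0);
        size_t good = buffer_budget(EXAMPLE_DIR, tools[i], 1);
        printf("%s: budget without triplet=%zu (overrun %zu), with triplet=%zu (overrun %zu)\n",
               tools[i], bad, overrun_bytes(EXAMPLE_DIR, tools[i], bad),
               good, overrun_bytes(EXAMPLE_DIR, tools[i], good));
        char *p = build_prefixed_tool(EXAMPLE_DIR, tools[i]);
        if (p != NULL) {
            printf("  %s\n", p);
            free(p);
        }
    }
    return 0;
}
```

The point to take from the arithmetic is that the overrun equals exactly the component left out of the budget (strlen(MACHINE) + 1 here), so a fix of the shape "len += strlen (DEFAULT_REAL_TARGET_MACHINE) + ..." has to be checked against the bytes the writer emits, not against what the crash happened to corrupt; whether a given platform crashes depends only on what sits after the undersized allocation.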