author | Jacob Garber <jgarber1@ualberta.ca> | 2019-05-17 12:51:47 -0600 |
---|---|---|
committer | Patrick Georgi <pgeorgi@google.com> | 2019-05-21 09:28:36 +0000 |
commit | ae8301fddbb5c8456b738bbeab94b98ae3eb06b6 (patch) | |
tree | f48cc998cd39784ace4c109b37677dc887e0bec4 | |
parent | b79d2dee2b2f294aac97dad849909d7bfb892c76 (diff) | |
util/romcc: Fix parsing of empty string literal
The corner case of an empty string literal was causing romcc to
segfault. This checks if the literal is empty, and if so allocates a
size one buffer for the terminating null character. A test case for
this is added to ensure it doesn't happen again.
Found-by: Coverity CID 1129099
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Change-Id: I067160a3b9998184f44e4878ef6269f372fe68bb
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32852
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
-rw-r--r-- | util/romcc/romcc.c | 9 | ||||
-rw-r--r-- | util/romcc/tests/simple_test87.c | 4 |
2 files changed, 13 insertions, 0 deletions
diff --git a/util/romcc/romcc.c b/util/romcc/romcc.c
index bf0510a49f..b9ec835f6f 100644
--- a/util/romcc/romcc.c
+++ b/util/romcc/romcc.c
@@ -10782,6 +10782,15 @@ static struct triple *string_constant(struct compile_state *state)
 } while(str < end);
 type->elements = ptr - buf;
 } while(peek(state) == TOK_LIT_STRING);
+
+ /* buf contains the allocated buffer for the string constant. However,
+ if buf is NULL, then the string constant is empty, but we still
+ need to allocate one byte for the null character. */
+ if (buf == NULL) {
+ buf = xmalloc(1, "string_constant");
+ ptr = buf;
+ }
+
 *ptr = '\0';
 type->elements += 1;
 def = triple(state, OP_BLOBCONST, type, 0, 0);
diff --git a/util/romcc/tests/simple_test87.c b/util/romcc/tests/simple_test87.c
new file mode 100644
index 0000000000..6a1148c46a
--- /dev/null
+++ b/util/romcc/tests/simple_test87.c
@@ -0,0 +1,4 @@
+static void main(void)
+{
+ char *x = "";
+}
|
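Review bot: The new guard in string_constant tests `buf == NULL`, but the write it protects is `*ptr = '\0'` on the line after it, and the added comment never says that `ptr` is also unset in the empty case. That store through a never-assigned pointer is presumably what crashed, so the comment should name it, for example `/* No token contributed bytes, so buf and ptr were never set; give the terminator below one byte to land in. */`. The guard is only sound if `buf` is initialised to NULL before the concatenation loop, which is worth confirming because the loop and the declarations start outside this hunk. string_constant begins and ends outside the hunk.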
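Review bot: The regression test in simple_test87.c covers only a lone `""`, while the romcc.c hunk shows string_constant looping over adjacent literals (`while(peek(state) == TOK_LIT_STRING)`), so runs that mix empty and non-empty tokens stay untested. Adding `char *y = "" "";` and `char *z = "" "a";` would exercise the empty-then-empty and empty-then-non-empty paths through the same buffer handling. Whether the test harness checks anything beyond romcc exiting cleanly is not visible on this page.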