From ae8301fddbb5c8456b738bbeab94b98ae3eb06b6 Mon Sep 17 00:00:00 2001
From: Jacob Garber
Date: Fri, 17 May 2019 12:51:47 -0600
Subject: util/romcc: Fix parsing of empty string literal

The corner case of an empty string literal was causing romcc to segfault. This checks if the literal is empty, and if so allocates a size one buffer for the terminating null character. A test case for this is added to ensure it doesn't happen again.

Found-by: Coverity CID 1129099
Signed-off-by: Jacob Garber
Change-Id: I067160a3b9998184f44e4878ef6269f372fe68bb
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32852
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi
---
 util/romcc/romcc.c | 9 +++++++++
 util/romcc/tests/simple_test87.c | 4 ++++
 2 files changed, 13 insertions(+)
 create mode 100644 util/romcc/tests/simple_test87.c
(limited to 'util')

diff --git a/util/romcc/romcc.c b/util/romcc/romcc.c
index bf0510a49f..b9ec835f6f 100644
--- a/util/romcc/romcc.c
+++ b/util/romcc/romcc.c
@@ -10782,6 +10782,15 @@ static struct triple *string_constant(struct compile_state *state)
 } while(str < end);
 type->elements = ptr - buf;
 } while(peek(state) == TOK_LIT_STRING);
+
+ /* buf contains the allocated buffer for the string constant. However,
+ if buf is NULL, then the string constant is empty, but we still
+ need to allocate one byte for the null character. */
+ if (buf == NULL) {
+ buf = xmalloc(1, "string_constant");
+ ptr = buf;
+ }
+
 *ptr = '\0';
 type->elements += 1;
 def = triple(state, OP_BLOBCONST, type, 0, 0);
diff --git a/util/romcc/tests/simple_test87.c b/util/romcc/tests/simple_test87.c
new file mode 100644
index 0000000000..6a1148c46a
--- /dev/null
+++ b/util/romcc/tests/simple_test87.c
@@ -0,0 +1,4 @@
+static void main(void)
+{
+ char *x = "";
+}
-- 
cgit v1.2.3
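Review bot: The new guard keys on `buf == NULL`, so the empty-literal path still runs the context line `type->elements = ptr - buf;` above it with, presumably, both pointers null, which is undefined behaviour in C even though it yields 0 in practice; doing the one-byte allocation before that subtraction, or inside the loop where the buffer is grown, would avoid the null-pointer arithmetic. The link between an empty literal and a null `buf` rests on the allocation code above the hunk, which is outside this view, so a short comment naming that dependency would help, e.g. `/* the allocation above leaves buf NULL only for a zero-length literal */`. string_constant's body begins and ends outside the hunk.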