util/romcc: Fix parsing of empty string literal

The corner case of an empty string literal was causing romcc to segfault. This checks if the literal is empty, and if so allocates a size one buffer for the terminating null character. A test case for this is added to ensure it doesn't happen again. Found-by: Coverity CID 1129099 Signed-off-by: Jacob Garber <jgarber1@ualberta.ca> Change-Id: I067160a3b9998184f44e4878ef6269f372fe68bb Reviewed-on: https://review.coreboot.org/c/coreboot/+/32852 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-05-17 12:51:47 -06:00 · 2019-05-17 12:51:47 -06:00 · ae8301fddb
parent b79d2dee2b
commit ae8301fddb
2 changed files with 13 additions and 0 deletions
--- a/util/romcc/romcc.c
+++ b/util/romcc/romcc.c
@ -10782,6 +10782,15 @@ static struct triple *string_constant(struct compile_state *state)
 		} while(str < end);
 		type->elements = ptr - buf;
 	} while(peek(state) == TOK_LIT_STRING);
+
+	/* buf contains the allocated buffer for the string constant. However,
+	   if buf is NULL, then the string constant is empty, but we still
+	   need to allocate one byte for the null character. */
+	if (buf == NULL) {
+		buf = xmalloc(1, "string_constant");
+		ptr = buf;
+	}
+
 	*ptr = '\0';
 	type->elements += 1;
 	def = triple(state, OP_BLOBCONST, type, 0, 0);
--- a/util/romcc/tests/simple_test87.c
+++ b/util/romcc/tests/simple_test87.c
@ -0,0 +1,4 @@
+static void main(void)
+{
+	char *x = "";
+}