This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



Re: ICE in cpp with


>>>>> Neil Booth writes:

>> (gdb) up
>> #1  0x41535c in _cpp_parse_assertion (pfile=0x10032a40, answerp=0x7ffffb40) at /home/sites/home/users/aj/cvs/gcc/gcc/cpplib.c:1331
>> 1331      return cpp_lookup (pfile, sym, len);

Neil> Hmmm, the referenced code looks like a buffer overflow:-

Neil>  lookup_node:
Neil>   *answerp = answer;
Neil>   len = predicate->val.name.len + 1;
Neil>   sym = alloca (len);

Neil>   /* Prefix '#' to get it out of macro namespace.  */
Neil>   sym[0] = '#';
Neil>   memcpy (sym + 1, predicate->val.name.text, len);
Neil>   return cpp_lookup (pfile, sym, len);

Neil> does instead

Neil>   memcpy (sym + 1, predicate->val.name.text, len - 1);

Neil> fix the problem?

It seems - I'm currently bootstrapping and stage2 finished
successfully.  Consider the problem fixed with your patch, if you
don't see any more comments.

Thanks for the help,
Andreas
-- 
 Andreas Jaeger
  SuSE Labs aj@suse.de
   private aj@arthur.inka.de
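The off-by-one that Neil's quoted snippet describes (a buffer of `len = name.len + 1` bytes, one byte of `'#'` written, then `len` more bytes copied after it, for `len + 1` bytes in total) is easy to miss in review. The following is an added example, written for this archive page and not code from the thread or from GCC's cpplib.c: it models the original and the corrected copy against a heap buffer guarded by a canary byte so the one-byte overrun becomes observable, and shows a bounds-checked builder for the same "prefix '#' to the name" operation. The `struct name` type, the `CANARY` value and all function names are assumptions for this example; the real `predicate->val.name` fields are only paraphrased here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the token's name fields (text is not assumed to be
   NUL-terminated, which is why the copy must use the explicit length). */
struct name {
    const char *text;
    size_t len;
};

/* Constructed guard byte placed directly after the buffer under test. */
#define CANARY 0xA5

/* Bytes the original lookup_node code writes into a buffer of alloca(name_len + 1):
   one '#' plus memcpy(sym + 1, text, len) with len == name_len + 1. */
static size_t original_bytes_written(size_t name_len)
{
    size_t len = name_len + 1;
    return 1 + len;           /* exceeds the allocation by exactly one byte */
}

/* Bytes written once the memcpy length is reduced to len - 1. */
static size_t fixed_bytes_written(size_t name_len)
{
    size_t len = name_len + 1;
    return 1 + (len - 1);     /* exactly fills the allocation */
}

/* Perform the copy into a heap buffer of exactly `len` bytes followed by a
   canary byte. Returns 1 if the canary survived, 0 if it was overwritten,
   -1 on allocation failure. `fixed` selects the corrected memcpy length. */
static int canary_survives(const struct name *predicate, int fixed)
{
    size_t len = predicate->len + 1;
    unsigned char *buf = malloc(len + 1);   /* +1 holds the canary only */
    if (buf == NULL)
        return -1;
    buf[len] = CANARY;

    char *sym = (char *)buf;
    sym[0] = '#';                           /* prefix to leave macro namespace */
    memcpy(sym + 1, predicate->text, fixed ? len - 1 : len);

    int ok = (buf[len] == CANARY);
    free(buf);
    return ok;
}

/* Bounds-checked form of the corrected copy: writes '#' followed by the name
   into `out` and returns the total length, or 0 if `out` is too small. */
static size_t build_prefixed_symbol(const struct name *p, char *out, size_t out_size)
{
    size_t len = p->len + 1;
    if (out_size < len)
        return 0;
    out[0] = '#';
    memcpy(out + 1, p->text, len - 1);
    return len;
}

int main(void)
{
    struct name n = { "foo", 3 };           /* constructed sample name */
    char out[16];

    printf("original writes %zu bytes into a %zu-byte buffer\n",
           original_bytes_written(n.len), n.len + 1);
    printf("fixed    writes %zu bytes into a %zu-byte buffer\n",
           fixed_bytes_written(n.len), n.len + 1);
    printf("canary intact with original copy: %d\n", canary_survives(&n, 0));
    printf("canary intact with fixed copy:    %d\n", canary_survives(&n, 1));

    size_t got = build_prefixed_symbol(&n, out, sizeof out);
    printf("built symbol of length %zu: %.*s\n", got, (int)got, out);
    return 0;
}
```

The canary check is the detection-side view of the same arithmetic: with the original length the copy clobbers the byte just past the allocation, with `len - 1` it does not. The bounds-checked builder is what the fixed code should look like when the destination size is not tied to `alloca` at the call site.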