This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug libobjc/11433] New: Crash due to dereferencing null pointer when querying protocol

From: "richard at brainstorm dot co dot uk" <gcc-bugzilla at gcc dot gnu dot org>
To: gcc-bugs at gcc dot gnu dot org
Date: 4 Jul 2003 11:38:09 -0000
Subject: [Bug libobjc/11433] New: Crash due to dereferencing null pointer when querying protocol
Reply-to: gcc-bugzilla at gcc dot gnu dot org

PLEASE REPLY TO gcc-bugzilla@gcc.gnu.org ONLY, *NOT* gcc-bugs@gcc.gnu.org.

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11433

           Summary: Crash due to dereferencing null pointer when querying
                    protocol
           Product: gcc
           Version: 3.4
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: libobjc
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: richard at brainstorm dot co dot uk
                CC: gcc-bugs at gcc dot gnu dot org

Consider the following trivial test program (test.m)-

#include        <objc/objc.h>
#include        <objc/Object.h>
#include        <objc/Protocol.h>

@protocol TestProtocol
+ testMethod;
@end

int
main()
{
  [@protocol(TestProtocol) descriptionForInstanceMethod: @selector(name)];
  return 0;
}


If you compile it using the command 'gcc test.m -lobjc'
Then run a.out, and you will get a segmentation violation.

This is because TestProtocol contains only a class method, but we tried to look
up an instance method ... the lookup should have returned a null pointer rather
than crashing.

There is a simple fix to the file Protocol.m in the objc runtume ...

diff Protocol.m Protocol.m.old
83c83
<   if (instance_methods != 0)
---
>   for (i = 0; i < instance_methods->count; i++)
85,89c85,86
<       for (i = 0; i < instance_methods->count; i++)
<       {
<         if (!strcmp ((char*)instance_methods->list[i].name, name))
<           return &(instance_methods->list[i]);
<       }
---
>       if (!strcmp ((char*)instance_methods->list[i].name, name))
>       return &(instance_methods->list[i]);
113c110
<   if (class_methods != 0)
---
>   for (i = 0; i < class_methods->count; i++)
115,119c112,113
<       for (i = 0; i < class_methods->count; i++)
<       {
<         if (!strcmp ((char*)class_methods->list[i].name, name))
<           return &(class_methods->list[i]);
<       }
---
>       if (!strcmp ((char*)class_methods->list[i].name, name))
>       return &(class_methods->list[i]);

Follow-Ups:
- [Bug libobjc/11433] Crash due to dereferencing null pointer when querying protocol
  - From: pinskia at physics dot uc dot edu
- [Bug libobjc/11433] Crash due to dereferencing null pointer when querying protocol
  - From: richard at brainstorm dot co dot uk

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]