This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [patch, libgfortran] Wrong result for UTF-8/UCS-4 list-directed and namelist read and nml write

From: Jerry DeLisle <jvdelisle at charter dot net>
To: Andreas Schwab <schwab at linux-m68k dot org>
Cc: gfortran <fortran at gcc dot gnu dot org>, gcc patches <gcc-patches at gcc dot gnu dot org>
Date: Sun, 27 Apr 2014 07:43:26 -0700
Subject: Re: [patch, libgfortran] Wrong result for UTF-8/UCS-4 list-directed and namelist read and nml write
Authentication-results: sourceware.org; auth=none
References: <5337A474 dot 8090004 at charter dot net> <87lhurf0hu dot fsf at igel dot home>

On 04/27/2014 04:57 AM, Andreas Schwab wrote:
> Jerry DeLisle <jvdelisle@charter.net> writes:
> 
>> +static void
>> +push_char4 (st_parameter_dt *dtp, gfc_char4_t c)
>> +{
>> +  gfc_char4_t *new, *p = (gfc_char4_t *) dtp->u.p.saved_string;
>> +
>> +  if (p == NULL)
>> +    {
>> +      dtp->u.p.saved_string = xcalloc (SCRATCH_SIZE, sizeof (gfc_char4_t));
>> +      dtp->u.p.saved_length = SCRATCH_SIZE;
>> +      dtp->u.p.saved_used = 0;
>> +      p = (gfc_char4_t *) dtp->u.p.saved_string;
>> +    }
>> +
>> +  if (dtp->u.p.saved_used >= dtp->u.p.saved_length)
>> +    {
>> +      dtp->u.p.saved_length = 2 * dtp->u.p.saved_length;
>> +      new = realloc (p, dtp->u.p.saved_length);
> 
> That's a buffer overflow.
> 
Do you mean it should be?

	 new = realloc (p, dtp->u.p.saved_length * sizeof (gfc_char4_t));

jerry

References:
- Re: [patch, libgfortran] Wrong result for UTF-8/UCS-4 list-directed and namelist read and nml write
  - From: Andreas Schwab

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]