This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Re: mem stomp in cpplib.c?
- To: Zack Weinberg <zack at wolery dot cumb dot org>
- Subject: Re: mem stomp in cpplib.c?
- From: Robert Lipe <robertlipe at usa dot net>
- Date: Wed, 5 Jul 2000 11:49:28 -0500
- Cc: Andreas Jaeger <aj at suse dot de>, gcc at gcc dot gnu dot org, gcc-patches at gcc dot gnu dot org
- References: <20000705102250.T22747@rjlhome.sco.com> <20000705093535.A284@wolery.cumb.org>
> > 'sym' holds 'len' bytes of storage. We then copy 'len' bytes of storage
> > starting at 'sym+1'. So we have a tiny little stack overwrite here.
>
> Yes. Also reported by Andreas Jaeger, over on gcc-bugs.
Do bootstrap problems go on gcc or gcc-bugs? Since they're
development-releated, I'd been thinking they went on gcc.
> This is my candidate patch - I can't reproduce the problem on my
> system, so can you test it, please?
This cures my testcase and gets me through stage1. The bootstrap
proceeds as we speak, so I give this a thumbs-up.
I'm guessing you can't reproduce it becuase you have a bootstrap
compiler that supports an intrinsic alloca so walking one byte past the
end of allocated storage isn't a traumatic thing.
Thanx,
RJL
>
> zw
>
> * cpplib.c (_cpp_parse_assertion): Fix buffer overrun.
>
> ===================================================================
> Index: cpplib.c
> --- cpplib.c 2000/07/05 05:33:56 1.181
> +++ cpplib.c 2000/07/05 16:34:26
> @@ -1322,8 +1322,8 @@ _cpp_parse_assertion (pfile, answerp)
>
> lookup_node:
> *answerp = answer;
> - len = predicate->val.name.len + 1;
> - sym = alloca (len);
> + len = predicate->val.name.len;
> + sym = alloca (len + 1);
>
> /* Prefix '#' to get it out of macro namespace. */
> sym[0] = '#';