Bug 71674 - missing overflow detection in Ada.Strings.Search
Status: NEW
Alias: None
Product: gcc
Classification: Unclassified
Component: ada
Version: 6.1.1
Importance: P3 minor
Target Milestone: ---
Assignee: Not yet assigned to anyone
Reported: 2016-06-27 12:52 UTC by Victor Porton
Modified: 2016-06-28 07:30 UTC
Last reconfirmed: 2016-06-28 00:00:00


Description Victor Porton 2016-06-27 12:52:14 UTC
The following valid code throws an exception:

--  test_count.adb start
with Ada.Strings.Fixed, Ada.Integer_Text_IO;
use  Ada.Strings.Fixed, Ada.Integer_Text_IO;

procedure Test_Count is
   S : constant String (Positive'Last - 2 .. Positive'Last) := "Ada";
begin
   Put (Count (Source =>S,                         Pattern =>"AA"));
   Put (Count (Source =>S (S'First .. S'Last - 1), Pattern =>"A"));
   Put (Count (Source =>S,                         Pattern =>"A"));
end;
--  test_count.adb end

Here is the program run:

$ ./test_count 
          0          1

raised STORAGE_ERROR : stack overflow or erroneous memory access


I mark the severity as minor, because this error is unlikely to appear in real code.

When fixing this bug, care should be taken not to make the new code much slower than the existing code.

Comment 1 Eric Botcazou 2016-06-28 07:30:53 UTC
Compiling a-strsea.adb with overflow checking enabled yields:

raised CONSTRAINT_ERROR : a-strsea.adb:102 overflow check failed

      if Mapping'Address = Maps.Identity'Address then
         while Ind <= Source'Last - PL1 loop
            if Pattern = Source (Ind .. Ind + PL1) then
               Num := Num + 1;
               Ind := Ind + Pattern'Length;
            else
               Ind := Ind + 1;      <=== 102
            end if;
         end loop;
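
An added example, not part of the bug report or of the GNAT sources: one way to write the identity-mapping counting loop so that no index above Source'Last is ever computed, by testing the bound before each increment instead of in the loop condition. Safe_Count and Safe_Count_Demo are hypothetical names; the input is the string from the report.

```ada
with Ada.Strings;
with Ada.Text_IO; use Ada.Text_IO;

procedure Safe_Count_Demo is

   --  Hypothetical helper (not the a-strsea.adb code): counts
   --  non-overlapping occurrences of Pattern in Source, identity mapping
   --  only, without ever computing an index above Source'Last.
   function Safe_Count (Source, Pattern : String) return Natural is
      Num        : Natural := 0;
      Ind        : Positive;
      Last_Start : Positive;
   begin
      if Pattern = "" then
         raise Ada.Strings.Pattern_Error;
      elsif Pattern'Length > Source'Length then
         return 0;
      end if;

      --  Last index at which a match can begin. Safe to compute because
      --  1 <= Pattern'Length <= Source'Length at this point.
      Last_Start := Source'Last - (Pattern'Length - 1);
      Ind := Source'First;

      loop
         if Source (Ind .. Ind + (Pattern'Length - 1)) = Pattern then
            Num := Num + 1;
            --  Advance only if a further match could still start.
            exit when Last_Start - Ind < Pattern'Length;
            Ind := Ind + Pattern'Length;
         else
            --  Test the bound before incrementing, not after.
            exit when Ind = Last_Start;
            Ind := Ind + 1;
         end if;
      end loop;

      return Num;
   end Safe_Count;

   --  Same input as the report: a string whose last index is Positive'Last.
   S : constant String (Positive'Last - 2 .. Positive'Last) := "Ada";
begin
   Put_Line (Natural'Image (Safe_Count (S, "AA")));
   Put_Line (Natural'Image (Safe_Count (S (S'First .. S'Last - 1), "A")));
   Put_Line (Natural'Image (Safe_Count (S, "A")));
end Safe_Count_Demo;
```

Both exits compare against Last_Start using a subtraction that stays within 0 .. Integer'Last, so the loop adds one comparison per iteration and no wider arithmetic.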