This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



Patch: fix infinite loop bug in libiberty/memchr.c


While doing a warning sweep in libiberty, I noticed this one:

 > memchr.c:53: warning: comparison of unsigned expression >= 0 is always true

Sure enough, the `length' parameter is never honored as a terminating
condition.  It'll only exit the loop if the `c' parameter is found or
crash with a SEGV when it runs past valid memory.

We never got bit because (almost) all platforms have their own memchr
and I don't think gcc source code calls it anyway.  Still, I think we
should fix it. :-)

Okay to apply to mainline and 3.0 branch?

		--Kaveh


2001-03-27  Kaveh R. Ghazi  <ghazi@caip.rutgers.edu>

	* memchr.c (memchr): Adjust condition to avoid infinite loop.

diff -rup orig/egcs-CVS20010326/libiberty/memchr.c egcs-CVS20010326/libiberty/memchr.c
--- orig/egcs-CVS20010326/libiberty/memchr.c	Mon Dec 14 02:00:53 1998
+++ egcs-CVS20010326/libiberty/memchr.c	Tue Mar 27 16:45:42 2001
@@ -50,7 +50,7 @@ memchr (src_void, c, length)
 {
   const unsigned char *src = (const unsigned char *)src_void;
   
-  while (--length >= 0)
+  while (length-- > 0)
   {
     if (*src == c)
      return (PTR)src;
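
Review bot: on the changed line `while (length-- > 0)`, the post-decrement leaves `length` wrapped to its maximum value once the loop falls through (the quoted warning says the expression is unsigned), so nothing after the loop may read `length`. The rest of the function is outside this hunk, so that is worth confirming before applying. A one-line comment on the loop saying that the test must come before the decrement because `length` is unsigned would keep it from being "simplified" back to `--length >= 0`. Separately, the context line `if (*src == c)` compares an unsigned char against `c` unconverted; the declaration of `c` is not visible here, but if it is an int, a value outside 0..255 can never match, whereas ISO C memchr converts `c` to unsigned char before comparing.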


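The failure described in the message, as an added example that is not part of the original post or of libiberty: the two loop conditions run over a constructed 16-byte array whose first 4 bytes play the caller's buffer. The names `find_old`, `find_new`, `DEMO_CAP` and `sample` are hypothetical, and `DEMO_CAP` exists only so the pre-patch loop stops inside the array instead of faulting.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: the caller's buffer is "abcd" (length 4); the
   remaining bytes stand in for whatever memory follows it. */
static const unsigned char sample[16] = "abcd......x.....";

#define DEMO_CAP (sizeof sample)  /* demo-only guard, not in libiberty */

/* Pre-patch condition: length is unsigned, so --length >= 0 is always
   true and only the demo guard (or a match) ends the loop. */
static long find_old(const unsigned char *src, int c, size_t length,
                     size_t *examined)
{
  size_t n = 0;
  while (--length >= 0 && n < DEMO_CAP)
    {
      n++;
      if (src[n - 1] == c) { *examined = n; return (long)(n - 1); }
    }
  *examined = n;
  return -1;
}

/* Patched condition: test the count first, then decrement it. */
static long find_new(const unsigned char *src, int c, size_t length,
                     size_t *examined)
{
  size_t n = 0;
  while (length-- > 0)
    {
      n++;
      if (src[n - 1] == c) { *examined = n; return (long)(n - 1); }
    }
  *examined = n;
  return -1;
}

int main(void)
{
  size_t seen = 0;
  long at = find_old(sample, 'x', 4, &seen);
  printf("old: index %ld after %zu bytes\n", at, seen);
  at = find_new(sample, 'x', 4, &seen);
  printf("new: index %ld after %zu bytes\n", at, seen);
  return 0;
}
```

With a length of 4 the pre-patch loop reports a match at offset 10, six bytes past the end of the caller's buffer, which is the out-of-bounds read behind the SEGV the message mentions.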