This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Bounds checking for TREE_VEC_ELT and related bugs (PR c++/8511)

Gabriel Dos Reis wrote:

Graham Stott <graham.stott@btinternet.com> writes:

.

You're absolutely correct.
I sent another message to correct my misconception (I can't tell where
I got the idea that we always have at least 3 slots, whereas in
reality it is at least 2).
However, what is worrying me in Zack's message is the following:

/home/zack/src/gcc/vanilla/build/i686-pc-linux-gnu/libstdc++-v3/include/bits/stl_alloc.h:381: internal compiler error: tree
check: accessed elt 3 of tree_vec with 2 elts in dfs_push_decls, at cp/search.c:2556

That is, in libstdc++, we're accessing one element behond the limit!
Yes it's accessing beyond the logical limit but not physical limit.

Note this bit code of code I quoted

  /* Now sort the methods.  */
  while (len > 2 && TREE_VEC_ELT (method_vec, len-1) == NULL_TREE)
    len--;
  TREE_VEC_LENGTH (method_vec) = len;
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Here we shrink the vectors len



-- Gaby


Graham
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]