This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



[patch] fix memory corruption in libcpp (pr 19077)


I took a look at this with valgrind after glibc told me that we were
corrupting the malloc data structures. After some looking I realized
that the length calculation was missing one condition that we used in
writing to the array. This fixes the memory corruption problem and the
testcase compiles just fine.

The second hunk is a cleanup to remove the overloading of the len
variable. If we still want it I can add back the variable under a
different name.

Tested on x86-linux C/C++. Bootstrap and no regressions.

OK?

-eric

2005-02-14  Eric Christopher  <echristo@redhat.com>

	PR preprocessor/19077
	* macro.c (cpp_macro_definition): Add PREV_WHITE condition
	to buffer length calculation. Remove overloading of len
	variable.

Index: macro.c
===================================================================
RCS file: /cvs/gcc/gcc/libcpp/macro.c,v
retrieving revision 1.8
diff -u -p -w -r1.8 macro.c
--- macro.c 14 Feb 2005 14:43:56 -0000 1.8
+++ macro.c 14 Feb 2005 22:41:42 -0000
@@ -1666,6 +1666,7 @@ cpp_macro_definition (cpp_reader *pfile,
len += NODE_LEN (macro->params[i]) + 1; /* "," */
     }

+  /* This should match below where we fill in the buffer.  */
   if (CPP_OPTION (pfile, traditional))
     len += _cpp_replacement_text_len (macro);
   else
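Review bot: The new comment above `if (CPP_OPTION (pfile, traditional))` says the length calculation "should match below" without naming the code it must match or the conditions involved, so whoever next adds a token flag has nothing concrete to check against. Consider naming the fill loop and the per-token cases counted here (the "#", " ##" and " " cases), or backing the comment with a check after the buffer is filled that the bytes written do not exceed `len`, so a future mismatch fails loudly instead of corrupting the heap.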
@@ -1682,6 +1683,8 @@ cpp_macro_definition (cpp_reader *pfile,
    len++; /* "#" */
  if (token->flags & PASTE_LEFT)
    len += 3; /* " ##" */
+   if (token->flags & PREV_WHITE)
+     len++;              /* " " */
}
     }

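Review bot: The added `if (token->flags & PREV_WHITE) len++;` is only correct if the fill side writes exactly one space under exactly this condition, and that code is not part of the diff, so the match cannot be checked from the patch itself. Please confirm the write-side test is the same bare flag check (a stricter test there would make this a harmless overcount, a looser one would still undercount), and add the PR 19077 testcase to the testsuite so the undercount cannot come back unnoticed.
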
@@ -1741,10 +1744,10 @@ cpp_macro_definition (cpp_reader *pfile,

  if (token->type == CPP_MACRO_ARG)
    {
-       len = NODE_LEN (macro->params[token->val.arg_no - 1]);
      memcpy (buffer,
-       NODE_NAME (macro->params[token->val.arg_no - 1]), len);
-       buffer += len;
+       NODE_NAME (macro->params[token->val.arg_no - 1]),
+       NODE_LEN (macro->params[token->val.arg_no - 1]));
+       buffer += NODE_LEN (macro->params[token->val.arg_no - 1]);
    }
  else
    buffer = cpp_spell_token (pfile, token, buffer);
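
Review bot: In the `CPP_MACRO_ARG` branch, `macro->params[token->val.arg_no - 1]` is now spelled out three times and `NODE_LEN` is evaluated twice; the `memcpy` length and the `buffer +=` advance must stay identical, and nothing ties them together any more. A local for the parameter node, or the length variable under a distinct name as offered in the mail, would keep the two in sync and read more easily. This cleanup is also independent of the PREV_WHITE fix and could go in as a separate change.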


