This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[PATCH] Fix overflow of -b switch


process_command () scans command line twice. The first time it just
counts how many switches. Then the switches vector is created
according to the count. The second time it copies the text of each
switch and stores a pointer to the copy in the vector of switches.
Currently, the first scan does not count -b if its argument has no
dash. So the switches vector has no enough space for all switches and
is overflowed when the second scan tries to store the pointers.

Mike Frysinger observed a crash of Blackfin GCC 4.1.1 on amd64 host.
The original bug report is

<http://blackfin.uclinux.org/tracker/?func=detail&aid=1746&group_id=18&atid=145>,

which I believe is caused by the overflow.

This patch fixes it by treating such -b switch as normal switch.
Regression test is going on. Is it OK?

Jie
	* gcc.c (process_command): Treat -b as normal switch if its argument
	has no dash.

Index: gcc.c
===================================================================
--- gcc.c	(revision 117594)
+++ gcc.c	(working copy)
@@ -3744,7 +3744,10 @@
 	  switch (c)
 	    {
 	    case 'b':
-	      if (NULL == strchr(argv[i] + 2, '-')) break;
+	      if (NULL == strchr(argv[i] + 2, '-'))
+		goto normal_switch;
+
+	      /* Fall through.  */
 	    case 'V':
 	      fatal ("'-%c' must come at the start of the command line", c);
 	      break;

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]