This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH 4/7] Fix int overflow

From: Jeff Law <law at redhat dot com>
To: Mikhail Maltsev <maltsevm at gmail dot com>, gcc-patches <gcc-patches at gnu dot org>, Jason Merrill <jason at redhat dot com>
Date: Mon, 06 Jul 2015 16:55:14 -0600
Subject: Re: [PATCH 4/7] Fix int overflow
Authentication-results: sourceware.org; auth=none
References: <559AD66D dot 1070809 at gmail dot com> <559AD8CA dot 8030209 at gmail dot com>

On 07/06/2015 01:36 PM, Mikhail Maltsev wrote:

---
  libiberty/cp-demangle.c               | 3 ++-
  libiberty/testsuite/demangle-expected | 4 ++++
  2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/libiberty/cp-demangle.c b/libiberty/cp-demangle.c
index 44a0a9b..befa6b6 100644
--- a/libiberty/cp-demangle.c
+++ b/libiberty/cp-demangle.c
@@ -103,6 +103,7 @@
  #include "config.h"
  #endif

+#include <limits.h>
  #include <stdio.h>

  #ifdef HAVE_STDLIB_H
@@ -1599,7 +1600,7 @@ d_source_name (struct d_info *di)
    struct demangle_component *ret;

    len = d_number (di);
-  if (len <= 0)
+  if (len <= 0 || len > INT_MAX)
      return NULL;
    ret = d_identifier (di, len);
    di->last_name = ret;

Isn't this only helpful if sizeof (long) > sizeof (int)? Otherwise thecompiler is going to eliminate that newly added test, right?


So with that in mind, what happens on i686-unknown-linux with this test?


Jeff

Follow-Ups:
- Re: [PATCH 4/7] Fix int overflow
  - From: Mikhail Maltsev

References:
- [PATCH 0/7] Fix bugs found during demangler fuzz-testing
  - From: Mikhail Maltsev
- [PATCH 4/7] Fix int overflow
  - From: Mikhail Maltsev

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]