This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



Re: Bug report


On Fri, May 11, 2001 at 03:46:48PM +0530, Mukul Bansal wrote:
> We ( Abhishek Sharma & Mukul Bansal ) believe that we have found a bug in
> the gcc compiler (RedHat linux 7). The bug was found while developing a
> chess program.

> int* queen(int x)
>   {
>     static  int x1,q[30],i,p,o;
...
>       q[0]=j;
>        return q;
> }
...
> int mate(int turn)
> {
>   int *n,i,j,p,q,d,t[2][2];
>   int m[22];
...
>     for(j=0;j<=n[0];j++)   /* copying n to m */ 
>           m[j]=n[j]; 

Since 30 > 22, you are probably having a buffer overrun.
I suggest you start with adding the check:

     assert( n[0] < sizeof(m)/sizeof(m[0]) );
     for(j=0;j<=n[0];j++)   /* copying n to m */ 
       m[j]=n[j]; 

I didn't run the program - then you'd have had included a tar ball.
Just browsed through the source code.

-- 
Carlo Wood <carlo@alinoe.com>

PS I very much doubt this is a compiler bug, but even if it was
   then you must report it to RedHat, because version 2.96 was
   never released by the FSF.  See http://www.bugzilla.com/
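
The overrun discussed in the message above, as an added example that is not part of the original message or of the poster's program: a bounds-checked copy of a count-prefixed array. The helper names copy_counted and try_count are hypothetical; the sizes 30 and 22 come from the quoted declarations, and treating a negative count as an error is an assumption.

```c
#include <stddef.h>
#include <stdio.h>

#define SRC_CAP 30   /* size of q[] in queen(), as quoted */
#define DST_CAP 22   /* size of m[] in mate(), as quoted */

/* Hypothetical helper: src[0] holds the index of the last valid entry,
 * so src[0] + 1 ints are copied (the quoted loop runs j = 0..n[0]).
 * Returns the number of ints copied, or -1 if the copy is refused. */
static int copy_counted(int *dst, size_t dst_cap,
                        const int *src, size_t src_cap)
{
    int last = src[0];

    if (last < 0)                      /* assumption: negative count is corrupt */
        return -1;
    if ((size_t)last >= dst_cap)       /* would write past dst[dst_cap - 1] */
        return -1;
    if ((size_t)last >= src_cap)       /* would read past src[src_cap - 1] */
        return -1;

    for (int j = 0; j <= last; j++)
        dst[j] = src[j];
    return last + 1;
}

/* Constructed input: a source array whose count field is set to 'last'. */
static int try_count(int last)
{
    int q[SRC_CAP] = {0};
    int m[DST_CAP];

    q[0] = last;
    return copy_counted(m, DST_CAP, q, SRC_CAP);
}

int main(void)
{
    /* 21 is the largest count that fits in m[22]; 22..29 are valid
     * for q[30] but overrun m[] in the unchecked loop. */
    printf("count 21 -> %d\n", try_count(21));
    printf("count 22 -> %d\n", try_count(22));
    printf("count 29 -> %d\n", try_count(29));
    return 0;
}
```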

