This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug preprocessor/14461] New: preprocessor cause buffer overflow
- From: "kutara at sayuri dot ne dot jp" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: 6 Mar 2004 17:57:48 -0000
- Subject: [Bug preprocessor/14461] New: preprocessor cause buffer overflow
- Reply-to: gcc-bugzilla at gcc dot gnu dot org
The preprocessor allocates a buffer using mmap() or malloc() for reading include files
at cppfiles.c / read_include_file().
When using malloc(), the buffer can be NUL-terminated.
But when using mmap(), the buffer cannot be NUL-terminated.
Almost all implementations of mmap() are NUL-terminated after the mmap()ed file data.
But XFS (SGI's file system) on Linux is different.
So everywhere that reads the buffer like 'buffer->cur++' must check for buffer overflow.
For example, at cpplex.c / _cpp_lex_direct(),
> skipped_white:
+ if( buffer->cur > buffer->rlimit )
+ c = '\0';
+ else
> c = *buffer->cur++;
> result->col = CPP_BUF_COLUMN (buffer, buffer->cur);
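Review bot: the guard `if( buffer->cur > buffer->rlimit )` still allows the dereference when `buffer->cur == buffer->rlimit`, so whether it closes the overread depends on whether `rlimit` is the last valid byte or one past it; if it is one past, the test needs to be `>=`, and a comment stating the convention would help. The guarded branch also skips the `++`, so `buffer->cur` is left unchanged while the following `CPP_BUF_COLUMN (buffer, buffer->cur)` line is computed as if a character had been consumed; it is worth deciding explicitly whether the pointer should advance in that case. Since this covers only one read site, a single checked accessor used by every `buffer->cur++` reader would be easier to audit than repeating the test inline.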
--
Summary: preprocessor cause buffer overflow
Product: gcc
Version: 3.3.3
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: preprocessor
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: kutara at sayuri dot ne dot jp
CC: gcc-bugs at gcc dot gnu dot org
GCC build triplet: i686-pc-linux-gnu
GCC host triplet: i686-pc-linux-gnu
GCC target triplet: i686-pc-linux-gnu
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=14461
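The failure mode the report describes, a reader that relies on a NUL sentinel running off the end of a mapping that has none, can be reproduced and guarded against as follows. This is an added example, not code from GCC or from the reporter; `struct rbuf`, `next_char`, `scan_to_nul` and `demo_scan_full_page` are hypothetical names, and it assumes `rlimit` points one past the last valid byte.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical reader state, not cpplib's cpp_buffer.
   Assumption: rlimit points one past the last valid byte. */
struct rbuf { const unsigned char *cur, *rlimit; };

/* Next byte, or '\0' once the data is exhausted; never reads *rlimit. */
static int next_char(struct rbuf *b)
{
    return b->cur >= b->rlimit ? '\0' : *b->cur++;
}

/* Count bytes up to the first '\0' that next_char() reports. */
static size_t scan_to_nul(struct rbuf *b)
{
    size_t n = 0;
    while (next_char(b) != '\0')
        n++;
    return n;
}

/* Constructed input: a page of 'a' (no NUL) followed by a PROT_NONE guard
   page. Returns bytes scanned, or (size_t)-1 on setup failure. */
size_t demo_scan_full_page(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *m = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED)
        return (size_t)-1;
    memset(m, 'a', page);
    if (mprotect(m + page, page, PROT_NONE) != 0) {
        munmap(m, 2 * page);
        return (size_t)-1;
    }
    struct rbuf b = { m, m + page };
    size_t n = scan_to_nul(&b);  /* an unchecked *cur++ would fault here */
    munmap(m, 2 * page);
    return n;
}

int main(void)
{
    printf("scanned %zu bytes\n", demo_scan_full_page());
    return 0;
}
```

The guard page turns a one-byte overread into an immediate fault, which makes it a convenient regression test for any lexer that is supposed to stop at its limit pointer rather than at a sentinel.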