This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: mem stomp in cpplib.c?
- To: Zack Weinberg <zack at wolery dot cumb dot org>
- Subject: Re: mem stomp in cpplib.c?
- From: Neil Booth <NeilB at earthling dot net>
- Date: Thu, 6 Jul 2000 07:32:33 +0900
- Cc: Robert Lipe <robertl at sco dot com>, Andreas Jaeger <aj at suse dot de>, gcc at gcc dot gnu dot org, gcc-patches at gcc dot gnu dot org
- References: <20000705102250.T22747@rjlhome.sco.com> <20000705093535.A284@wolery.cumb.org>
Hi Zack,
I don't think it's quite enough. You also need
return cpp_lookup (pfile, sym, len + 1);
if you've reduced len by 1. I might add an assertion test that
confirms all letters are significant :-)
Neil.
Zack Weinberg wrote:-
> Yes. Also reported by Andreas Jaeger, over on gcc-bugs. This is my
> candidate patch - I can't reproduce the problem on my system, so can
> you test it, please?
>
> zw
>
> * cpplib.c (_cpp_parse_assertion): Fix buffer overrun.
>
> ===================================================================
> Index: cpplib.c
> --- cpplib.c 2000/07/05 05:33:56 1.181
> +++ cpplib.c 2000/07/05 16:34:26
> @@ -1322,8 +1322,8 @@ _cpp_parse_assertion (pfile, answerp)
>
> lookup_node:
> *answerp = answer;
> - len = predicate->val.name.len + 1;
> - sym = alloca (len);
> + len = predicate->val.name.len;
> + sym = alloca (len + 1);
>
> /* Prefix '#' to get it out of macro namespace. */
> sym[0] = '#';
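Review bot: In the lookup_node hunk, len changes meaning from the length of the '#'-prefixed symbol to the length of the bare predicate name, but only the assignment and the alloca are updated. Every later use of len in this function, none of which the hunk shows, has to be rechecked against the new meaning. The reply above already identifies one: the lookup call needs `cpp_lookup (pfile, sym, len + 1)` so that the '#' byte stored at sym[0] stays part of the key. A short comment on the assignment saying that len excludes the prefix would help keep the alloca size and the lookup length in step.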