This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



Re: Bounds checking for TREE_VEC_ELT and related bugs (PR c++/8511)


Gabriel Dos Reis <gdr@integrable-solutions.net> writes:

> Graham Stott <graham.stott@btinternet.com> writes:
>
> However, what is worrying me in Zack's message is the following:
>
> /home/zack/src/gcc/vanilla/build/i686-pc-linux-gnu/libstdc++-v3/include/bits/stl_alloc.h:381: internal compiler error: tree
>    check: accessed elt 3 of tree_vec with 2 elts in dfs_push_decls, at 
>    cp/search.c:2556
>
> That is, in libstdc++, we're accessing one element beyond the limit!

Well, that was the point of adding bounds checking, was to find
bugs...

If you look closely at the code, you will see that the bug is
harmless: we loop from &TREE_VEC_ELT (method_vec, 2) to TREE_VEC_END
(method_vec).  If there are only two methods, those pointers will be
equal and setup_class_bindings won't be called.  We do dereference the
pointer one past the end of the memory block, but that's easily
corrected by swapping the tests in the loop exit condition.

I still consider it a bug.

zw
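
The loop-exit ordering discussed in the message above, modelled as an added C example (not GCC's code and not part of the original post). `struct vec`, `load` and the two `visit_*` functions are hypothetical names, and the read past the end is counted rather than performed so the difference between the two orderings can be observed safely.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a tree_vec: a length and that many slots. */
struct vec { size_t len; const char **elts; };

static const char *const GARBAGE = "<stray memory>";

/* Checked load: a read at or past len is counted, not performed, and yields
   a non-null stand-in for whatever lies beyond the block. */
static const char *load(const struct vec *v, size_t i, size_t *oob)
{
    if (i >= v->len) { ++*oob; return GARBAGE; }
    return v->elts[i];
}

/* Order described as buggy: load the slot, then compare against the end. */
static size_t visit_load_first(const struct vec *v, size_t *oob)
{
    size_t calls = 0;
    for (size_t i = 2; load(v, i, oob) && i != v->len; i++)
        calls++;                 /* stands in for the per-slot call */
    return calls;
}

/* Tests swapped: the end comparison short-circuits the load. */
static size_t visit_bound_first(const struct vec *v, size_t *oob)
{
    size_t calls = 0;
    for (size_t i = 2; i != v->len && load(v, i, oob); i++)
        calls++;
    return calls;
}

int main(void)
{
    const char *two[] = { "m0", "m1" };   /* constructed: only two slots */
    struct vec v = { 2, two };
    size_t oob = 0;
    size_t calls = visit_load_first(&v, &oob);
    printf("load first:  calls=%zu oob=%zu\n", calls, oob);
    oob = 0;
    calls = visit_bound_first(&v, &oob);
    printf("bound first: calls=%zu oob=%zu\n", calls, oob);
    return 0;
}
```

Both orderings make the same number of per-slot calls; only the load-first ordering touches the slot one past the end.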

