[Bug bootstrap/12490] New: buffer overflow in scan-decls.c (bootstrap fails)
tjko at iki dot fi
gcc-bugzilla@gcc.gnu.org
Thu Oct 2 08:54:00 GMT 2003
PLEASE REPLY TO gcc-bugzilla@gcc.gnu.org ONLY, *NOT* gcc-bugs@gcc.gnu.org.
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=12490
Summary: buffer overflow in scan-decls.c (bootstrap fails)
Product: gcc
Version: 3.3.1
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: bootstrap
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: tjko at iki dot fi
CC: gcc-bugs at gcc dot gnu dot org
GCC host triplet: sparc-sun-solaris2.9
GCC target triplet: sparc-sun-solaris2.9
Apparently recent patches from Sun make some changes to system
headers in Solaris 9, causing fix-header to segfault when doing
"make bootstrap".
How to reproduce (on Solaris 9 with latest recommended patches installed,
using gcc-3.3 as bootstrap compiler):
# mkdir objdir; cd objdir
# ../configure --prefix=/opt/gcc-3.3.1 --enable-languages=c,c++ --disable-nls --disable-shared
# make bootstrap
...
if [ -f fixhdr.ready ] ; then \
true; \
else \
echo timestamp > fixhdr.ready; \
fi
if [ -f include/fixed ] ; then true; \
else \
: This line works around a 'make' bug in BSDI 1.1.; \
FIXPROTO_DEFINES=""; export FIXPROTO_DEFINES; \
mkinstalldirs="/bin/sh ../../gcc/mkinstalldirs"; \
export mkinstalldirs; \
if [ -d /usr/include ] ; then \
/bin/sh ../../gcc/fixproto include include /usr/include; \
if [ $? -eq 0 ] ; then true ; else exit 1 ; fi ; \
else true; fi; \
echo timestamp > include/fixed; \
fi
fixproto: populating `include'
fix-header: fixing curses.h
Segmentation Fault - core dumped
make[2]: *** [stmp-fixproto] Error 1
make[2]: Leaving directory `/opt/src/gcc/gcc-3.3.1/objdir/gcc'
make[1]: *** [stage1_build] Error 2
make[1]: Leaving directory `/opt/src/gcc/gcc-3.3.1/objdir/gcc'
make: *** [bootstrap] Error 2
After investigating this with gdb, it seems the global variable
symbol_table (from fix-header.c) gets overwritten when
extern_C_braces (from scan-decls.c) overflows, if there are
too many nested braces in header files.
The following seems to fix the problem, but this is just a hack,
not a real fix, since this might still happen if there are
really many nested braces in some weird header file :)
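The overflow described above is a fixed-size table of brace nesting levels written without a bounds check, so the entry past the last slot lands on whatever global the linker placed next. The following C program is an added illustration and is not GCC's scan-decls.c: it reuses the names extern_C_braces and extern_C_braces_length from the report, but the scanner, the brace_state struct, push_extern_C_brace, scan_header and probe_depth are all assumed here. It keeps the original 20-entry size and shows the bounds-checked push refusing the 21st extern "C" brace instead of writing past the array.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not GCC's scan-decls.c: extern_C_braces and
   extern_C_braces_length mirror the bug report, everything else is assumed. */
#define EXTERN_C_BRACES_MAX 20
#define MAX_PROBE_DEPTH 100

typedef struct {
    int brace_level;                         /* current { } nesting depth */
    int extern_C_braces_length;              /* table entries currently in use */
    int max_length;                          /* high-water mark, for reporting */
    int overflow_refused;                    /* set to 1 once a push was rejected */
    char extern_C_braces[EXTERN_C_BRACES_MAX];
} brace_state;

/* Record that the brace opened at `level` was prefixed by extern "C".
   Returns 0 on success, -1 when the table is full; an unchecked write here
   is exactly what clobbers the global that follows the array in memory. */
int push_extern_C_brace(brace_state *st, int level)
{
    if (st->extern_C_braces_length >= EXTERN_C_BRACES_MAX) {
        st->overflow_refused = 1;
        return -1;
    }
    st->extern_C_braces[st->extern_C_braces_length++] = (char)level;
    if (st->extern_C_braces_length > st->max_length)
        st->max_length = st->extern_C_braces_length;
    return 0;
}

/* Walk header text, tracking { } depth and noting extern "C" openers.
   Returns 1 if any push had to be refused, else 0. */
int scan_header(const char *text, brace_state *st)
{
    static const char kw[] = "extern \"C\"";
    const size_t kwlen = sizeof kw - 1;
    int pending_extern_c = 0;
    memset(st, 0, sizeof *st);
    for (const char *p = text; *p; ) {
        if (strncmp(p, kw, kwlen) == 0) { pending_extern_c = 1; p += kwlen; continue; }
        if (*p == '{') {
            st->brace_level++;
            if (pending_extern_c) push_extern_C_brace(st, st->brace_level);
            pending_extern_c = 0;
        } else if (*p == '}') {
            if (st->extern_C_braces_length > 0 &&
                st->extern_C_braces[st->extern_C_braces_length - 1] == st->brace_level)
                st->extern_C_braces_length--;  /* leaving an extern "C" block */
            if (st->brace_level > 0) st->brace_level--;
        } else if (*p != ' ' && *p != '\t' && *p != '\n') {
            pending_extern_c = 0;  /* any other token cancels the pending keyword */
        }
        p++;
    }
    return st->overflow_refused;
}

/* Build `depth` nested extern "C" blocks (constructed input) and scan them.
   Returns the table's high-water mark, -1 if a push was refused,
   -2 if the requested depth is outside what the probe buffer holds. */
int probe_depth(int depth)
{
    char text[MAX_PROBE_DEPTH * 16 + 1];
    brace_state st;
    size_t n = 0;
    if (depth < 0 || depth > MAX_PROBE_DEPTH) return -2;
    for (int i = 0; i < depth; i++) n += (size_t)sprintf(text + n, "extern \"C\" { ");
    for (int i = 0; i < depth; i++) n += (size_t)sprintf(text + n, "} ");
    text[n] = '\0';
    return scan_header(text, &st) ? -1 : st.max_length;
}

int main(void)
{
    printf("depth 20 -> %d (fits in the table)\n", probe_depth(20));
    printf("depth 21 -> %d (refused instead of overflowing)\n", probe_depth(21));
    return 0;
}
```

Whatever the table size is set to, the check in push_extern_C_brace is what turns an out-of-bounds write into a reported error; enlarging the array only raises the depth at which the same corruption would occur.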
--- gcc-3.3.1/gcc/scan-decls.c.orig Thu Oct 2 11:49:15 2003
+++ gcc-3.3.1/gcc/scan-decls.c Thu Oct 2 11:50:16 2003
@@ -32,7 +32,7 @@
indicate the (brace nesting levels of) left braces that were
prefixed by extern "C". */
int extern_C_braces_length = 0;
-char extern_C_braces[20];
+char extern_C_braces[200];
#define in_extern_C_brace (extern_C_braces_length>0)
/* True if the function declaration currently being scanned is
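Review bot: Enlarging `char extern_C_braces[20];` to 200 entries raises the depth at which the same out-of-bounds write occurs rather than preventing it, as the report itself notes; the store into extern_C_braces (not shown in this hunk) should compare extern_C_braces_length against the array size before writing, and either report the header as unsupported or grow the table, so that symbol_table in fix-header.c can no longer be clobbered regardless of nesting depth.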