[Bug bootstrap/12490] New: buffer overflow in scan-decls.c (bootstrap fails)

tjko at iki dot fi gcc-bugzilla@gcc.gnu.org
Thu Oct 2 08:54:00 GMT 2003


PLEASE REPLY TO gcc-bugzilla@gcc.gnu.org ONLY, *NOT* gcc-bugs@gcc.gnu.org.

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=12490

           Summary: buffer overflow in scan-decls.c (bootstrap fails)
           Product: gcc
           Version: 3.3.1
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: bootstrap
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: tjko at iki dot fi
                CC: gcc-bugs at gcc dot gnu dot org
  GCC host triplet: sparc-sun-solaris2.9
GCC target triplet: sparc-sun-solaris2.9

Apparently recent patches from Sun make some changes to system
headers in Solaris 9, causing fix-header to segfault when doing
"make bootstrap".


How to reproduce (on Solaris 9 with latest recommended patches installed,
using gcc-3.3 as bootstrap compiler):

# mkdir objdir; cd objdir
# ../configure --prefix=/opt/gcc-3.3.1 --enable-languages=c,c++ --disable-nls --disable-shared
# make bootstrap
...
if [ -f fixhdr.ready ] ; then \
        true; \
else \
        echo timestamp > fixhdr.ready; \
fi
if [ -f include/fixed ] ; then true; \
else \
  : This line works around a 'make' bug in BSDI 1.1.; \
  FIXPROTO_DEFINES=""; export FIXPROTO_DEFINES; \
  mkinstalldirs="/bin/sh ../../gcc/mkinstalldirs"; \
    export mkinstalldirs; \
  if [ -d /usr/include ] ; then \
    /bin/sh ../../gcc/fixproto include include /usr/include; \
    if [ $? -eq 0 ] ; then true ; else exit 1 ; fi ; \
  else true; fi; \
  echo timestamp > include/fixed; \
fi
fixproto: populating `include'
fix-header: fixing curses.h
Segmentation Fault - core dumped
make[2]: *** [stmp-fixproto] Error 1
make[2]: Leaving directory `/opt/src/gcc/gcc-3.3.1/objdir/gcc'
make[1]: *** [stage1_build] Error 2
make[1]: Leaving directory `/opt/src/gcc/gcc-3.3.1/objdir/gcc'
make: *** [bootstrap] Error 2


After investigating this with gdb, it seems the global variable
symbol_table (from fix-header.c) gets overwritten when
extern_C_braces (from scan-decls.c) overflows, if there are
too many nested braces in header files.


The following seems to fix the problem, but this is just a hack,
not a real fix, since this might still happen if there are
really many nested braces in some weird header file :)

--- gcc-3.3.1/gcc/scan-decls.c.orig     Thu Oct  2 11:49:15 2003
+++ gcc-3.3.1/gcc/scan-decls.c  Thu Oct  2 11:50:16 2003
@@ -32,7 +32,7 @@
    indicate the (brace nesting levels of) left braces that were
    prefixed by extern "C".  */
 int extern_C_braces_length = 0;
-char extern_C_braces[20];
+char extern_C_braces[200];
 #define in_extern_C_brace (extern_C_braces_length>0)
 
 /* True if the function declaration currently being scanned is
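Review bot: Enlarging extern_C_braces from 20 to 200 only moves the limit; the store into the array is still not checked against its size, so, as the report itself says, a header with even deeper nesting would overflow it again and clobber whatever global follows (here symbol_table). Suggest sizing the array through a named constant and checking extern_C_braces_length against it before each store, failing with a diagnostic rather than writing past the end, so fix-header reports the header instead of crashing.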

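As an added illustration (not code from this report or from GCC), here is a hypothetical, simplified model of the extern_C_braces bookkeeping with the bounds check that the enlarged array still lacks: when the array is full the push is refused instead of writing past it into the next global. The names scan_extern_c_braces, push_extern_c and scan_nested_extern_c, and the constructed inputs, are assumptions of this example.

```c
#include <string.h>
/* Hypothetical model of the extern_C_braces bookkeeping (not GCC's code);
   capacity kept at the original 20 so the overflow path is exercised. */
#define EXTERN_C_BRACES_MAX 20
struct brace_state {
    int depth;                                  /* current '{' nesting level */
    int extern_c_len;                           /* entries used in the array below */
    char extern_c_braces[EXTERN_C_BRACES_MAX];  /* levels opened by extern "C" */
};
/* Record a level; return -1 instead of writing past the array when it is full. */
static int push_extern_c(struct brace_state *st, int level)
{
    if (st->extern_c_len >= EXTERN_C_BRACES_MAX)
        return -1;
    st->extern_c_braces[st->extern_c_len++] = (char)level;
    return 0;
}
/* Scan header-like text: each '{' directly after extern "C" is recorded and
   popped by its matching '}'.  Returns the number recorded, or -1 on overflow. */
int scan_extern_c_braces(const char *src)
{
    struct brace_state st = { 0, 0, { 0 } };
    int pending = 0, recorded = 0;
    for (const char *p = src; *p; p++) {
        if (strncmp(p, "extern \"C\"", 10) == 0) { pending = 1; p += 9; continue; }
        if (*p == '{') {
            st.depth++;
            if (pending && push_extern_c(&st, st.depth) < 0)
                return -1;                      /* refuse, do not corrupt memory */
            recorded += pending;
            pending = 0;
        } else if (*p == '}' && st.depth > 0) {
            if (st.extern_c_len > 0 && st.extern_c_braces[st.extern_c_len - 1] == st.depth)
                st.extern_c_len--;
            st.depth--;
        }
    }
    return recorded;
}
/* Constructed input: n nested `extern "C" {` openers followed by n closers. */
int scan_nested_extern_c(int n)
{
    char buf[4096]; size_t used = 0;
    for (int i = 0; i < n && used + 13 < sizeof buf; i++) {
        memcpy(buf + used, "extern \"C\" {", 12); used += 12;
    }
    for (int i = 0; i < n && used + 2 < sizeof buf; i++)
        buf[used++] = '}';
    buf[used] = '\0';
    return scan_extern_c_braces(buf);
}
```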