[Bug other/27348] memcmp reads past end of strings

fnf at specifix dot com gcc-bugzilla@gcc.gnu.org
Fri Apr 28 13:54:00 GMT 2006



------- Comment #3 from fnf at specifix dot com  2006-04-28 13:54 -------
Subject: Re:  memcmp reads past end of strings

On Friday 28 April 2006 09:36, rguenth at gcc dot gnu dot org wrote:
> 
> ------- Comment #2 from rguenth at gcc dot gnu dot org  2006-04-28 13:36 -------
> In this particular case this should not happen as the memcmp is guarded by the
> length comparison before.
> 
> 

Here's an example run:

$ export MUDFLAP_OPTIONS=-viol-gdb
$ build/gengtype
warning: structure `eh_range' used but not defined
warning: structure `jdeplist_s' used but not defined
warning: structure `java_lexer' used but not defined
warning: structure `ZipDirectory' used but not defined
warning: structure `VEC_cp_token_position_heap' used but not defined
warning: structure `c_arg_info' used but not defined
warning: structure `c_switch' used but not defined
warning: structure `et_node' used but not defined
warning: structure `loop' used but not defined
warning: structure `ipa_reference_vars_info_d' used but not defined
warning: structure `reg_info_def' used but not defined
*******
mudflap violation 1 (check/read): time=1146233898.486348 ptr=0x809da1e size=8
pc=0x8851ed location=`(memcmp 1st arg)'
      /opt/local/latest/trunk/lib/libmudflap.so.0(__mf_check+0x3d) [0x8851ed]
      /opt/local/latest/trunk/lib/libmudflap.so.0(__mfwrap_memcmp+0x8a)
[0x8917ba]
      build/gengtype(get_output_file_with_visibility+0x901) [0x8056912]
Nearby object 1: checked region begins 30B into and ends 1B after
mudflap object 0x842f368: name=`string literal'
bounds=[0x809da00,0x809da24] size=37 area=static check=104r/112w liveness=112
alloc time=1146233889.975351 pc=0x884c4d
number of nearby objects: 1

[ stuff deleted ]

#7  0x08056912 in get_output_file_with_visibility (input_file=0x809da00
"/src/latest/trunk/src/gcc/gcc/tree.h")
    at /src/latest/trunk/src/gcc/gcc/gengtype.c:1275
1275            if (memcmp (basename, lang_dir_names[i], strlen
(lang_dir_names[i])) == 0
(gdb) x/s basename
0x809da1e <langs_for_lang_files+1214>:   "tree.h"
(gdb) x/s lang_dir_names[i]
0x809d53b <lang_files+411>:      "treelang"
(gdb) p strlen (lang_dir_names[i])
$1 = 8
(gdb)


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=27348
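The gdb session above shows the shape of the defect: `memcmp (basename, lang_dir_names[i], strlen (lang_dir_names[i]))` always reads `strlen (lang_dir_names[i])` bytes of `basename`, so when `basename` ("tree.h", 7 bytes including its NUL) is shorter than the prefix ("treelang", 8 bytes) the read runs one byte past the literal, exactly the "ends 1B after" that mudflap reports. The following is an added illustration, not code from the bug report or from GCC's gengtype.c; the `lang_dir_names` table is a constructed stand-in and the function names are my own. It measures the over-read for a given pair and shows two prefix checks that stay inside both strings:

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for gengtype's language directory table (assumed, not the real one). */
static const char *const lang_dir_names[] = { "c", "cp", "java", "treelang" };
#define NUM_LANG_DIRS (sizeof lang_dir_names / sizeof *lang_dir_names)

/* How many bytes the reported pattern, memcmp(name, prefix, strlen(prefix)),
   would read beyond the storage of `name`.  `name` owns strlen(name) + 1 bytes
   (its NUL included); memcmp consumes strlen(prefix) regardless of `name`. */
size_t memcmp_overread(const char *name, const char *prefix)
{
    size_t need = strlen(prefix);
    size_t have = strlen(name) + 1;
    return need > have ? need - have : 0;
}

/* Fix 1: strncmp stops at the first differing byte or at a NUL in either
   operand, so it never reads past the end of the shorter string. */
bool has_prefix(const char *name, const char *prefix)
{
    return strncmp(name, prefix, strlen(prefix)) == 0;
}

/* Fix 2: keep memcmp but guard it with an explicit length check, so the
   byte count requested is never larger than what `name` actually holds. */
bool has_prefix_guarded(const char *name, const char *prefix)
{
    size_t plen = strlen(prefix);
    if (strlen(name) < plen)
        return false;
    return memcmp(name, prefix, plen) == 0;
}

/* Index of the language directory that prefixes `name`, or -1 if none does. */
int lang_index_for(const char *name)
{
    for (size_t i = 0; i < NUM_LANG_DIRS; i++)
        if (has_prefix(name, lang_dir_names[i]))
            return (int) i;
    return -1;
}

int main(void)
{
    const char *name = "tree.h";      /* the basename seen in the gdb session */
    const char *prefix = "treelang";  /* the lang_dir_names[i] seen in the gdb session */

    printf("memcmp(\"%s\", \"%s\", %zu) would read %zu byte(s) past the end of \"%s\"\n",
           name, prefix, strlen(prefix), memcmp_overread(name, prefix), name);
    printf("has_prefix: %d, has_prefix_guarded: %d, lang_index_for: %d\n",
           has_prefix(name, prefix), has_prefix_guarded(name, prefix), lang_index_for(name));
    return 0;
}
```

Both fixes give the same answer as the original comparison whenever the original was in bounds; they differ only in refusing to read bytes that `name` does not own. The same helper also reports zero over-read for the case the earlier comment had in mind, where the basename is at least as long as the prefix.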