Issue Details (XML | Word | Printable)

Key: PCC-39
Type: Bug Bug
Status: Closed Closed
Resolution: Duplicate
Priority: Critical Critical
Assignee: Anders Magnusson
Reporter: Gregory McGarry
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
pcc

dope[] index out of range

Created: 21/Feb/09 11:30 AM   Updated: 21/Feb/09 10:32 PM
Component/s: Common code
Affects Version/s: None
Fix Version/s: None

Environment: Fedora 8


 Description  « Hide
1) tcopy can be called from frontend with value of p->n_op > MAXOP.
2) tcopy() calls optype()
3) optype indexes dope[] with index greater than MAXOP
4) depending on the linker alignment of bss, the return value is undefined

The following patch illustrates the problem, but it might be best to convert the macros in pass2.h to functions so that assertions can catch these problems in the future.

Index: pass2.h
===================================================================
RCS file: /cvsroot/pcc/mip/pass2.h,v
retrieving revision 1.120
diff -u -r1.120 pass2.h
--- pass2.h 5 Jan 2009 23:18:22 -0000 1.120
+++ pass2.h 21 Feb 2009 10:25:19 -0000
@@ -344,7 +344,7 @@
 #define PUTCHAR(x) putchar(x)
 #endif
 
-#define optype(o) (dope[o]&TYFLG)
+#define optype(o) (assert(o < MAXOP+1), dope[o]&TYFLG)
 #define asgop(o) (dope[o]&ASGFLG)
 #define logop(o) (dope[o]&LOGFLG)
 #define callop(o) (dope[o]&CALLFLG)



 All   Comments   Change History      Sort Order: Ascending order - Click to sort in descending order
There are no comments yet on this issue.