
[PCC-39] dope[] index out of range Created: 21/Feb/09  Updated: 21/Feb/09

Status: Closed
Project: pcc
Component/s: Common code
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Critical
Reporter: Gregory McGarry Assignee: Anders Magnusson
Resolution: Duplicate Votes: 0
Environment: Fedora 8


Description
1) tcopy can be called from the frontend with a value of p->n_op > MAXOP.
2) tcopy() calls optype()
3) optype indexes dope[] with index greater than MAXOP
4) depending on the linker alignment of bss, the return value is undefined

The following patch illustrates the problem, but it might be best to convert the macros in pass2.h to functions so that assertions can catch these problems in the future.

Index: pass2.h
===================================================================
RCS file: /cvsroot/pcc/mip/pass2.h,v
retrieving revision 1.120
diff -u -r1.120 pass2.h
--- pass2.h 5 Jan 2009 23:18:22 -0000 1.120
+++ pass2.h 21 Feb 2009 10:25:19 -0000
@@ -344,7 +344,7 @@
 #define PUTCHAR(x) putchar(x)
 #endif
 
-#define optype(o) (dope[o]&TYFLG)
+#define optype(o) (assert(o < MAXOP+1), dope[o]&TYFLG)
 #define asgop(o) (dope[o]&ASGFLG)
 #define logop(o) (dope[o]&LOGFLG)
 #define callop(o) (dope[o]&CALLFLG)
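Review bot: The check `assert(o < MAXOP+1)` only guards optype(); asgop(), logop() and callop() in the same hunk index dope[o] identically and stay unchecked, so an out-of-range n_op still reads past the table through them. Since the description already suggests functions, a single range helper used by all four (`o <= MAXOP`, written as an unsigned comparison so a negative opcode is rejected as well) would cover them in one place and avoid evaluating the macro argument twice. Also, the hunk does not show an `#include <assert.h>` for pass2.h, and assert() compiles out under NDEBUG, so the check only helps in debug builds.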

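The conversion the description proposes (dope[] accessor macros turned into functions so a bad opcode is caught at the lookup rather than read silently past the table), as an added example that is not pcc's own code; the table size, flag bit values and helper names are constructed for the illustration.

```c
#include <assert.h>

/* Constructed stand-in for pcc's dope[] table and its flag bits (assumed values). */
#define MAXOP   8            /* highest valid opcode; dope[] has MAXOP+1 entries */
#define TYFLG   0x0f
#define ASGFLG  0x10
#define LOGFLG  0x20
#define CALLFLG 0x40

static const int dope[MAXOP + 1] = {
    0x01, 0x02, 0x03, 0x13, 0x23, 0x43, 0x02, 0x01, 0x12,
};

/* One range check for every accessor. The unsigned comparison also rejects a
 * negative opcode, which "o < MAXOP+1" on a signed int would let through. */
static int op_valid(int o)
{
    return (unsigned)o <= (unsigned)MAXOP;
}

/* Function replacements for the macros: the argument is evaluated exactly once
 * and the assertion lives in one place instead of being copied into each macro. */
static int optype(int o) { assert(op_valid(o)); return dope[o] & TYFLG; }
static int asgop(int o)  { assert(op_valid(o)); return (dope[o] & ASGFLG) != 0; }
static int logop(int o)  { assert(op_valid(o)); return (dope[o] & LOGFLG) != 0; }
static int callop(int o) { assert(op_valid(o)); return (dope[o] & CALLFLG) != 0; }

/* Non-aborting variant for builds where assert() is compiled out (NDEBUG):
 * returns 0 and leaves *flags untouched on a bad index, so the caller can
 * report the offending opcode instead of reading beyond the table. */
static int dope_lookup(int o, int *flags)
{
    if (!op_valid(o))
        return 0;
    *flags = dope[o];
    return 1;
}
```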

Generated at Sat Dec 20 17:35:20 CET 2014 using JIRA Enterprise Edition, Version: 3.13.1-#333.