From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 4244 invoked by alias); 2 May 2006 01:44:35 -0000 Received: (qmail 4236 invoked by uid 22791); 2 May 2006 01:44:34 -0000 X-Spam-Check-By: sourceware.org Received: from ausmtp04.au.ibm.com (HELO ausmtp04.au.ibm.com) (202.81.18.152) by sourceware.org (qpsmtpd/0.31) with ESMTP; Tue, 02 May 2006 01:44:32 +0000 Received: from sd0208e0.au.ibm.com (d23rh904.au.ibm.com [202.81.18.202]) by ausmtp04.au.ibm.com (8.13.6/8.13.5) with ESMTP id k421socI280998 for ; Tue, 2 May 2006 11:54:50 +1000 Received: from d23av04.au.ibm.com (d23av04.au.ibm.com [9.190.250.237]) by sd0208e0.au.ibm.com (8.12.10/NCO/VER6.8) with ESMTP id k421llsM075752 for ; Tue, 2 May 2006 11:47:47 +1000 Received: from d23av04.au.ibm.com (loopback [127.0.0.1]) by d23av04.au.ibm.com (8.12.11/8.13.3) with ESMTP id k421iRcR024521 for ; Tue, 2 May 2006 11:44:27 +1000 Received: from ozlabs.au.ibm.com (ozlabs.au.ibm.com [9.190.163.12]) by d23av04.au.ibm.com (8.12.11/8.12.11) with ESMTP id k421iRTZ024388 for ; Tue, 2 May 2006 11:44:27 +1000 Received: by ozlabs.au.ibm.com (Postfix, from userid 1017) id 0DA5E7374A; Tue, 2 May 2006 11:45:23 +1000 (EST) Date: Tue, 02 May 2006 01:44:00 -0000 From: Ben Elliston To: binutils@sourceware.org Subject: PATCH: off-by-one error in gas/sb.c Message-ID: <20060502014522.GA1045@ozlabs.au.ibm.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.6i Mailing-List: contact binutils-help@sourceware.org; run by ezmlm Precedence: bulk List-Subscribe: List-Archive: List-Post: List-Help: , Sender: binutils-owner@sourceware.org X-SW-Source: 2006-05/txt/msg00016.txt.bz2 While converting an assertion of the form `if (cond) abort ();' to use assert (), I noticed an off-by-one error in sb_build. free_list is a variable of type sb_list_vector. An sb_list_vector is essentially a fixed array of pointers to sb_elements. The dimension of that array is controlled by sb_max_power_two in sb.h. The array is indexed by `size' just beneath the assertion, so the index had better be less than sb_max_power_two, not less than or equal to it! Okay for mainline? Ben Index: sb.c =================================================================== RCS file: /cvs/src/src/gas/sb.c,v retrieving revision 1.12 diff -u -p -r1.12 sb.c --- sb.c 18 May 2005 05:40:07 -0000 1.12 +++ sb.c 2 May 2006 01:38:26 -0000 @@ -66,8 +66,7 @@ sb_build (sb *ptr, int size) /* See if we can find one to allocate. */ sb_element *e; - if (size > sb_max_power_two) - abort (); + assert (size < sb_max_power_two); e = free_list.size[size]; if (!e)