public inbox for gcc-bugs@sourceware.org
* [Bug bootstrap/12490] New: buffer overflow in scan-decls.c (bootstrap fails)
@ 2003-10-02  8:54 tjko at iki dot fi
  2003-10-03  3:59 ` [Bug bootstrap/12490] " ebotcazou at gcc dot gnu dot org
                   ` (5 more replies)
  0 siblings, 6 replies; 7+ messages in thread
From: tjko at iki dot fi @ 2003-10-02  8:54 UTC (permalink / raw)
  To: gcc-bugs

PLEASE REPLY TO gcc-bugzilla@gcc.gnu.org ONLY, *NOT* gcc-bugs@gcc.gnu.org.

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=12490

           Summary: buffer overflow in scan-decls.c (bootstrap fails)
           Product: gcc
           Version: 3.3.1
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: bootstrap
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: tjko at iki dot fi
                CC: gcc-bugs at gcc dot gnu dot org
  GCC host triplet: sparc-sun-solaris2.9
GCC target triplet: sparc-sun-solaris2.9

Apparently recent patches from Sun make some changes to system
headers in Solaris 9, causing fix-header to segfault when doing
"make bootstrap".


How to reproduce (on Solaris 9 with latest recommended patches installed,
using gcc-3.3 as bootstrap compiler):

# mkdir objdir; cd objdir
# ../configure --prefix=/opt/gcc-3.3.1 --enable-languages=c,c++ --disable-nls --disable-shared
# make bootstrap
...
if [ -f fixhdr.ready ] ; then \
        true; \
else \
        echo timestamp > fixhdr.ready; \
fi
if [ -f include/fixed ] ; then true; \
else \
  : This line works around a 'make' bug in BSDI 1.1.; \
  FIXPROTO_DEFINES=""; export FIXPROTO_DEFINES; \
  mkinstalldirs="/bin/sh ../../gcc/mkinstalldirs"; \
    export mkinstalldirs; \
  if [ -d /usr/include ] ; then \
    /bin/sh ../../gcc/fixproto include include /usr/include; \
    if [ $? -eq 0 ] ; then true ; else exit 1 ; fi ; \
  else true; fi; \
  echo timestamp > include/fixed; \
fi
fixproto: populating `include'
fix-header: fixing curses.h
Segmentation Fault - core dumped
make[2]: *** [stmp-fixproto] Error 1
make[2]: Leaving directory `/opt/src/gcc/gcc-3.3.1/objdir/gcc'
make[1]: *** [stage1_build] Error 2
make[1]: Leaving directory `/opt/src/gcc/gcc-3.3.1/objdir/gcc'
make: *** [bootstrap] Error 2


After investigating this with gdb, it seems the global variable
symbol_table (from fix-header.c) gets overwritten when
extern_C_braces (from scan-decls.c) overflows, if there are
too many nested braces in header files.


The following seems to fix the problem, but this is just a hack,
not a real fix, since this might still happen if there are
really many nested braces in some weird header file :)

--- gcc-3.3.1/gcc/scan-decls.c.orig     Thu Oct  2 11:49:15 2003
+++ gcc-3.3.1/gcc/scan-decls.c  Thu Oct  2 11:50:16 2003
@@ -32,7 +32,7 @@
    indicate the (brace nesting levels of) left braces that were
    prefixed by extern "C".  */
 int extern_C_braces_length = 0;
-char extern_C_braces[20];
+char extern_C_braces[200];
 #define in_extern_C_brace (extern_C_braces_length>0)
 
 /* True if the function declaration currently being scanned is
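Review bot: On the changed declaration, `char extern_C_braces[200]` raises the limit tenfold, but nothing in this hunk ties `extern_C_braces_length` to the array size, so a header with more than 200 nested extern "C" braces would overrun the buffer exactly as 20 did. Suggest checking the length against `sizeof extern_C_braces` wherever an entry is stored (or growing the buffer on demand), and naming the size with a macro so the declaration and the check cannot drift apart. Since the array is `char` and, per the comment above it, holds brace nesting levels, it is also worth confirming that a level cannot exceed what a `char` can represent once deeper nesting is allowed.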


^ permalink raw reply	[flat|nested] 7+ messages in thread
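What the report's closing remark points at, as an added example (not GCC's code and not the fix that was committed): a stack of extern "C" brace levels that grows on demand and fails closed, so no nesting depth can write into a neighbouring global. The token alphabet, `scan_braces` and `scan_nested` are hypothetical names, and the push/pop logic is an assumption about how such a stack is used.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed tokens: '[' = extern "C" left brace, '{' = plain left brace,
   '}' = right brace.  Returns deepest extern "C" nesting, or -1 on error. */
long scan_braces(const char *src) {
  long *levels = NULL;   /* nesting level of each open extern "C" brace */
  size_t length = 0, capacity = 0;
  long nesting = 0, deepest = 0;
  for (; *src; src++) {
    if (*src == '}') {
      if (nesting == 0) break;                  /* unbalanced right brace */
      if (length > 0 && levels[length - 1] == nesting) length--;
      nesting--;
    } else if (*src == '[' || *src == '{') {
      nesting++;
      if (*src == '{') continue;
      if (length == capacity) {                 /* full: grow, never overrun */
        size_t cap = capacity ? capacity * 2 : 20;
        long *p = cap > (size_t)-1 / sizeof(long)
                      ? NULL : realloc(levels, cap * sizeof(long));
        if (p == NULL) break;                   /* fail closed */
        levels = p; capacity = cap;
      }
      levels[length++] = nesting;
      if ((long)length > deepest) deepest = (long)length;
    }
  }
  free(levels);
  return (*src == '\0' && nesting == 0) ? deepest : -1;
}

/* Constructed worst case: depth extern "C" braces opened, then closed. */
long scan_nested(size_t depth) {
  char *buf = calloc(2 * depth + 1, 1);
  long r;
  if (buf == NULL) return -1;
  memset(buf, '[', depth);
  memset(buf + depth, '}', depth);
  r = scan_braces(buf);
  free(buf);
  return r;
}

int main(void) {
  printf("%ld %ld %ld\n", scan_nested(20), scan_nested(21), scan_nested(5000));
  return 0;
}
```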
