public inbox for gcc-bugs@sourceware.org
* [Bug bootstrap/12490] New: buffer overflow in scan-decls.c (bootstrap fails)
From: tjko at iki dot fi @ 2003-10-02 8:54 UTC
To: gcc-bugs
PLEASE REPLY TO gcc-bugzilla@gcc.gnu.org ONLY, *NOT* gcc-bugs@gcc.gnu.org.
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=12490
Summary: buffer overflow in scan-decls.c (bootstrap fails)
Product: gcc
Version: 3.3.1
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: bootstrap
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: tjko at iki dot fi
CC: gcc-bugs at gcc dot gnu dot org
GCC host triplet: sparc-sun-solaris2.9
GCC target triplet: sparc-sun-solaris2.9
Apparently recent patches from Sun make some changes to system
headers in Solaris 9, causing fix-header to segfault when doing
"make bootstrap".
How to reproduce (on Solaris 9 with latest recommended patches installed,
using gcc-3.3 as bootstrap compiler):
# mkdir objdir; cd objdir
# ../configure --prefix=/opt/gcc-3.3.1 --enable-languages=c,c++ --disable-nls
--disable-shared
# make bootstrap
...
if [ -f fixhdr.ready ] ; then \
true; \
else \
echo timestamp > fixhdr.ready; \
fi
if [ -f include/fixed ] ; then true; \
else \
: This line works around a 'make' bug in BSDI 1.1.; \
FIXPROTO_DEFINES=""; export FIXPROTO_DEFINES; \
mkinstalldirs="/bin/sh ../../gcc/mkinstalldirs"; \
export mkinstalldirs; \
if [ -d /usr/include ] ; then \
/bin/sh ../../gcc/fixproto include include /usr/include; \
if [ $? -eq 0 ] ; then true ; else exit 1 ; fi ; \
else true; fi; \
echo timestamp > include/fixed; \
fi
fixproto: populating `include'
fix-header: fixing curses.h
Segmentation Fault - core dumped
make[2]: *** [stmp-fixproto] Error 1
make[2]: Leaving directory `/opt/src/gcc/gcc-3.3.1/objdir/gcc'
make[1]: *** [stage1_build] Error 2
make[1]: Leaving directory `/opt/src/gcc/gcc-3.3.1/objdir/gcc'
make: *** [bootstrap] Error 2
After investigating this with gdb, it seems the global variable
symbol_table (from fix-header.c) gets overwritten when
extern_C_braces (from scan-decls.c) overflows, if there are
too many nested braces in header files.
The following seems to fix the problem, but this is just a hack,
not a real fix, since this might still happen if there are
really many nested braces in some weird header file :)
--- gcc-3.3.1/gcc/scan-decls.c.orig Thu Oct 2 11:49:15 2003
+++ gcc-3.3.1/gcc/scan-decls.c Thu Oct 2 11:50:16 2003
@@ -32,7 +32,7 @@
indicate the (brace nesting levels of) left braces that were
prefixed by extern "C". */
int extern_C_braces_length = 0;
-char extern_C_braces[20];
+char extern_C_braces[200];
#define in_extern_C_brace (extern_C_braces_length>0)
/* True if the function declaration currently being scanned is
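Review bot: Raising the size at `char extern_C_braces[200];` only moves the limit, because nothing in this hunk ties extern_C_braces_length to the array size, so a header with deeper nesting would still write past the end. Suggest giving the size a named constant and comparing extern_C_braces_length against it at the point where the array is stored into (outside this hunk), failing with a diagnostic when the limit is reached. A comment stating what nesting depth the constant is meant to cover would also help the next reader judge whether 200 is enough.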
* [Bug bootstrap/12490] buffer overflow in scan-decls.c (bootstrap fails)
From: ebotcazou at gcc dot gnu dot org @ 2003-10-03 3:59 UTC
To: gcc-bugs
ebotcazou at gcc dot gnu dot org changed:
What       |Removed                           |Added
----------------------------------------------------------------------------
AssignedTo |unassigned at gcc dot gnu dot org |ebotcazou at gcc dot gnu dot org
Status     |WAITING                           |ASSIGNED
------- Additional Comments From ebotcazou at gcc dot gnu dot org 2003-10-03 03:59 -------
I'll take care of it.
* [Bug bootstrap/12490] buffer overflow in scan-decls.c (bootstrap fails)
From: ebotcazou at gcc dot gnu dot org @ 2003-10-03 3:59 UTC
To: gcc-bugs
ebotcazou at gcc dot gnu dot org changed:
What             |Removed     |Added
----------------------------------------------------------------------------
Status           |UNCONFIRMED |WAITING
Target Milestone |---         |3.3.2
------- Additional Comments From ebotcazou at gcc dot gnu dot org 2003-10-03 03:59 -------
That's really annoying and we should fix it for GCC 3.3.2.
I think your solution is good enough because fixproto will be obsoleted in GCC
3.4 (in particular on Solaris machines). Any chance that you could estimate the
maximum nesting level? I'd like to both have a security margin and put a comment.
Thanks in advance.
* [Bug bootstrap/12490] buffer overflow in scan-decls.c (bootstrap fails)
From: mark at codesourcery dot com @ 2003-10-05 18:29 UTC
To: gcc-bugs
------- Additional Comments From mark at codesourcery dot com 2003-10-05 18:29 -------
Subject: Re: buffer overflow in scan-decls.c
(bootstrap fails)
On Fri, 2003-10-03 at 23:18, ebotcazou at gcc dot gnu dot org wrote:
> PLEASE REPLY TO gcc-bugzilla@gcc.gnu.org ONLY, *NOT* gcc-bugs@gcc.gnu.org.
>
> http://gcc.gnu.org/bugzilla/show_bug.cgi?id=12490
This patch is OK. For extra brownie points, add an error message in the
case that extern_C_braces_length overflows the array bounds, but that's
not necessary if you don't have time.
Thanks,
* [Bug bootstrap/12490] buffer overflow in scan-decls.c (bootstrap fails)
From: cvs-commit at gcc dot gnu dot org @ 2003-10-08 12:29 UTC
To: gcc-bugs
------- Additional Comments From cvs-commit at gcc dot gnu dot org 2003-10-08 12:29 -------
Subject: Bug 12490
CVSROOT: /cvs/gcc
Module name: gcc
Changes by: ebotcazou@gcc.gnu.org 2003-10-08 12:29:28
Modified files:
gcc : ChangeLog scan-decls.c
Log message:
PR bootstrap/12490
* scan-decls.c (MAX_EXTERN_C_BRACES): New preprocessor constant
to define the size of the extern_C_braces array. Set it to 200.
(scan_decls): Abort when extern_C_braces_length is out-of-bounds.
Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/ChangeLog.diff?cvsroot=gcc&r1=2.1336&r2=2.1337
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/scan-decls.c.diff?cvsroot=gcc&r1=1.32&r2=1.33
* [Bug bootstrap/12490] buffer overflow in scan-decls.c (bootstrap fails)
From: cvs-commit at gcc dot gnu dot org @ 2003-10-08 12:33 UTC
To: gcc-bugs
------- Additional Comments From cvs-commit at gcc dot gnu dot org 2003-10-08 12:33 -------
Subject: Bug 12490
CVSROOT: /cvs/gcc
Module name: gcc
Branch: gcc-3_3-branch
Changes by: ebotcazou@gcc.gnu.org 2003-10-08 12:33:49
Modified files:
gcc : ChangeLog scan-decls.c
Log message:
PR bootstrap/12490
* scan-decls.c (MAX_EXTERN_C_BRACES): New preprocessor constant
to define the size of the extern_C_braces array. Set it to 200.
(scan_decls): Abort when extern_C_braces_length is out-of-bounds.
Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/ChangeLog.diff?cvsroot=gcc&only_with_tag=gcc-3_3-branch&r1=1.16114.2.773&r2=1.16114.2.774
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/scan-decls.c.diff?cvsroot=gcc&only_with_tag=gcc-3_3-branch&r1=1.30&r2=1.30.20.1
* [Bug bootstrap/12490] buffer overflow in scan-decls.c
From: ebotcazou at gcc dot gnu dot org @ 2003-10-08 12:38 UTC
To: gcc-bugs
ebotcazou at gcc dot gnu dot org changed:
What       |Removed                                           |Added
----------------------------------------------------------------------------
Status     |ASSIGNED                                          |RESOLVED
Resolution |                                                  |FIXED
Summary    |buffer overflow in scan-decls.c (bootstrap fails) |buffer overflow in scan-decls.c
------- Additional Comments From ebotcazou at gcc dot gnu dot org 2003-10-08 12:37 -------
Patch applied with Mark's amelioration.
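A bounds-checked version of the bookkeeping this thread describes, as an added example (not GCC's scan-decls.c and not part of any message above). The names extern_C_braces, extern_C_braces_length and MAX_EXTERN_C_BRACES and the sizes 20 and 200 come from the thread; scan_extern_c, nested and the scanning logic are hypothetical, and the function returns -1 where the commit log says scan_decls aborts.

```c
#include <stdio.h>
#include <string.h>
#define MAX_EXTERN_C_BRACES 200  /* size given in the commit log */
/* int, not char, so a stored level is never truncated (choice made for this example) */
static int extern_C_braces[MAX_EXTERN_C_BRACES];
static int extern_C_braces_length;

/* Hypothetical scanner: deepest extern "C" nesting in src, or -1 if it would not fit. */
int scan_extern_c(const char *src) {
    int brace_nesting = 0, deepest = 0, saw_extern_c = 0;
    extern_C_braces_length = 0;
    for (const char *p = src; *p; p++) {
        if (strncmp(p, "extern \"C\"", 10) == 0) {
            saw_extern_c = 1;
            p += 9;                   /* the loop increment skips the 10th char */
        } else if (*p == '{') {
            brace_nesting++;
            if (saw_extern_c) {
                if (extern_C_braces_length >= MAX_EXTERN_C_BRACES) return -1;
                extern_C_braces[extern_C_braces_length++] = brace_nesting;
                if (extern_C_braces_length > deepest) deepest = extern_C_braces_length;
            }
            saw_extern_c = 0;
        } else if (*p == '}') {
            if (extern_C_braces_length > 0
                && extern_C_braces[extern_C_braces_length - 1] == brace_nesting)
                extern_C_braces_length--;
            if (brace_nesting > 0) brace_nesting--;
        } else if (*p != ' ' && *p != '\t' && *p != '\n') {
            saw_extern_c = 0;         /* something else followed extern "C" */
        }
    }
    return deepest;
}

/* Constructed input: n nested  extern "C" {  blocks, then n closing braces. */
const char *nested(int n) {
    static char buf[8192];
    size_t len = 0;
    for (int i = 0; i < n && len + 14 < sizeof buf; i++)
        len += (size_t)sprintf(buf + len, "extern \"C\" {\n");
    for (int i = 0; i < n && len + 2 < sizeof buf; i++) buf[len++] = '}';
    buf[len] = '\0';
    return buf;
}

int main(void) {
    printf("21 levels:  %d\n", scan_extern_c(nested(21)));   /* past the old 20-entry array */
    printf("201 levels: %d\n", scan_extern_c(nested(201)));  /* past the new bound */
}
```

The check sits immediately before the store, so the index can never reach MAX_EXTERN_C_BRACES whatever the input header contains.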