public inbox for gcc-bugs@sourceware.org
* [Bug preprocessor/14461] New: preprocessor cause buffer overflow
@ 2004-03-06 17:57 kutara at sayuri dot ne dot jp
2004-03-06 18:43 ` [Bug preprocessor/14461] " pinskia at gcc dot gnu dot org
2004-03-06 23:45 ` zack at gcc dot gnu dot org
0 siblings, 2 replies; 3+ messages in thread
From: kutara at sayuri dot ne dot jp @ 2004-03-06 17:57 UTC (permalink / raw)
To: gcc-bugs
The preprocessor allocates a buffer using mmap() or malloc() for reading include files
at cppfiles.c / read_include_file().
When using malloc(), the buffer can be NUL-terminated.
But when using mmap(), the buffer cannot be NUL-terminated.
Almost all implementations of mmap() are NUL-terminated after the mmap()ed file data.
But XFS (SGI's file system) on Linux is different.
So everywhere the buffer is read like 'buffer->cur++', it must check for buffer overflow.
For example, at cpplex.c / _cpp_lex_direct(),
> skipped_white:
+ if( buffer->cur > buffer->rlimit )
+ c = '\0';
+ else
> c = *buffer->cur++;
> result->col = CPP_BUF_COLUMN (buffer, buffer->cur);
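Review bot: the added test at skipped_white uses `buffer->cur > buffer->rlimit`, so when cur equals rlimit the else branch still reads `*buffer->cur`; if rlimit marks the first byte past the file data (its definition is not shown in this hunk), that is exactly the byte the report says is not guaranteed to be NUL, and the comparison should be `>=`. The guarded branch also sets c without advancing buffer->cur while the else branch increments it, so the CPP_BUF_COLUMN line that follows sees a different cur on the two paths. Since the report itself says every `buffer->cur++` site needs this check, guaranteeing the terminator once where the buffer is set up in read_include_file() would be less error-prone than guarding each read.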
--
Summary: preprocessor cause buffer overflow
Product: gcc
Version: 3.3.3
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: preprocessor
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: kutara at sayuri dot ne dot jp
CC: gcc-bugs at gcc dot gnu dot org
GCC build triplet: i686-pc-linux-gnu
GCC host triplet: i686-pc-linux-gnu
GCC target triplet: i686-pc-linux-gnu
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=14461
* [Bug preprocessor/14461] preprocessor cause buffer overflow
From: pinskia at gcc dot gnu dot org @ 2004-03-06 18:43 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From pinskia at gcc dot gnu dot org 2004-03-06 18:43 -------
It is a bug in XFS then because this is behavior which the 3.3.x preprocessor depended on but this is
fixed for 3.4.0 by no longer using mmap on a file.
--
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |FIXED
   Target Milestone|---                         |3.4.0
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=14461
* [Bug preprocessor/14461] preprocessor cause buffer overflow
From: zack at gcc dot gnu dot org @ 2004-03-06 23:45 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From zack at gcc dot gnu dot org 2004-03-06 23:45 -------
Just to confirm what Andrew said:
The Single Unix Standard *requires* mmap to zero-fill to a page boundary.
Not doing this is a potential security hole. Report this to the XFS developers
as a critical bug.
GCC 3.4 does not use mmap and will not be affected by the bug.
zw
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=14461
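The zero-fill behaviour discussed in this thread can be checked on a given file system with the following added example, which is not code from GCC or from any message above. It assumes a POSIX system; the function names (next_char, make_sample, mapped_tail_zero_bytes) are hypothetical and the sample files are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Bounded fetch: limit is one past the last file byte and is never read. */
int next_char(const unsigned char **cur, const unsigned char *limit)
{
    return (*cur < limit) ? *(*cur)++ : '\0';
}

/* Write a constructed sample file of n 'x' bytes at path. */
int make_sample(const char *path, size_t n)
{
    int fd = open(path, O_CREAT | O_TRUNC | O_WRONLY, 0600);
    if (fd < 0) return -1;
    for (size_t i = 0; i < n; i++)
        if (write(fd, "x", 1) != 1) { close(fd); return -1; }
    return close(fd);
}

/* Map path read-only and inspect the bytes between EOF and the page boundary.
   Returns how many such tail bytes exist (0: the file fills its last page, so
   no terminator byte is mapped at all), -1 if a tail byte is non-zero, -2 on
   error.  *consumed receives the number of bytes next_char() delivered. */
long mapped_tail_zero_bytes(const char *path, size_t *consumed)
{
    struct stat st;
    long result = -2;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -2;
    if (fstat(fd, &st) == 0 && st.st_size > 0) {
        size_t page = (size_t)sysconf(_SC_PAGESIZE);
        size_t size = (size_t)st.st_size;
        size_t mapped = (size + page - 1) / page * page;
        unsigned char *p = mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
        if (p != MAP_FAILED) {
            const unsigned char *cur = p;
            size_t i = size;
            for (*consumed = 0; next_char(&cur, p + size) != '\0'; ++*consumed)
                ;                                   /* sample holds no NUL bytes */
            while (i < mapped && p[i] == 0) i++;    /* tail must be all zero */
            result = (i == mapped) ? (long)(mapped - size) : -1;
            munmap(p, size);
        }
    }
    close(fd);
    return result;
}
```

A result of -1 indicates the file system left non-zero data after the mapped file contents; a result of 0 shows why a reader needs an explicit limit even when the tail is zero-filled.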