public inbox for gcc-bugs@sourceware.org
* [Bug java/22113] New: Buffer overflow in the lexical analyser while reading FP literals
From: rmathew at gcc dot gnu dot org @ 2005-06-18 12:10 UTC
To: gcc-bugs

There is a buffer overflow error in GCJ while reading in large FP literals, as shown by Jacks testcase 3.10.2-round-6 (and others). On my machine, this manifests itself only when "parse.y" or "lex.c" is recompiled at -O0 after a full bootstrap, like so:

  cd $GCC_SRC_DIR/gcc/java
  touch parse.y
  cd $BUILD_DIR
  make BOOT_CFLAGS='-O0 -g3' bubblestrap

Compile the attached testcase before and after this. In my case, it gives the expected "Floating point literal too large" error only in the former case.

The array "literal_token" in do_java_lex() in lex.c is 256 characters long, but the subsequent code merrily overwrites long literals past this limit. A silly patch to overcome this particular error is:

Index: lex.c
===================================================================
--- lex.c   2005-06-18 17:04:00.000000000 +0530
+++ lex.c   2005-06-18 17:06:14.000000000 +0530
@@ -965,7 +965,7 @@ do_java_lex (YYSTYPE *java_lval)
   int parts[TOTAL_PARTS];
   HOST_WIDE_INT high, low;
   /* End borrowed section. */
-  char literal_token [256];
+  char literal_token [512];
   int literal_index = 0, radix = 10, long_suffix = 0, overflow = 0, bytes;
   int found_hex_digits = 0, found_non_octal_digits = -1;
   int i;

But of course this won't do. We need to have a better fix for this issue. I'm filing this bug so that we don't lose track of this issue.

-- 
           Summary: Buffer overflow in the lexical analyser while reading FP literals
           Product: gcc
           Version: 4.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: java
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: rmathew at gcc dot gnu dot org
                CC: gcc-bugs at gcc dot gnu dot org,java-prs at gcc dot gnu dot org

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22113
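Review bot: the size bump from 256 to 512 in this hunk only raises the threshold; nothing in the hunk bounds `literal_index` against the array, and the report itself says the subsequent code writes past the limit, so a literal longer than 511 characters still overruns the stack buffer. Suggest sizing the array from a single constant (the commit log later in the thread names it MAX_TOKEN_LEN) and checking `literal_index` against that constant before every store, rejecting the literal with a diagnostic once the buffer is full rather than continuing to write.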
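A bounded scanner of the kind the report asks for, added here as an illustration and not GCJ's lex.c: the token buffer keeps the 256-byte capacity from the report, but every store is checked against it, so an oversized literal is reported as too long instead of being written past the array. The name MAX_TOKEN_LEN is borrowed from the commit log later in the thread; the function names and the simplified character classes are assumptions.

```c
#include <ctype.h>
#include <string.h>
#define MAX_TOKEN_LEN 256   /* same capacity as the reported literal_token[] */
enum scan_status { SCAN_OK, SCAN_TOO_LONG };

/* May `c` continue a numeric literal after `prev`?  Simplified Java grammar. */
static int literal_char(int c, int prev)
{
    if (isdigit(c) || c == '.' || c == 'e' || c == 'E') return 1;
    if ((c == '+' || c == '-') && (prev == 'e' || prev == 'E')) return 1;
    return c == 'f' || c == 'F' || c == 'd' || c == 'D';
}

/* Copies the literal at `src` into tok[0..cap-1] (cap >= 1, NUL-terminated) and
   returns the source characters consumed.  After cap-1 stores it keeps consuming
   so the lexer stays in sync, but writes nothing more and reports SCAN_TOO_LONG. */
size_t scan_numeric_literal(const char *src, char *tok, size_t cap,
                            enum scan_status *status)
{
    size_t i = 0, n = 0;
    int prev = 0;
    *status = SCAN_OK;
    for (; literal_char((unsigned char)src[i], prev); i++) {
        if (n + 1 < cap)                 /* room for this char plus the NUL */
            tok[n++] = src[i];
        else
            *status = SCAN_TOO_LONG;     /* diagnose instead of overflowing */
        prev = (unsigned char)src[i];
    }
    tok[n] = '\0';
    return i;
}

/* Scan via a MAX_TOKEN_LEN buffer like the reported lexer; -1 if it did not fit. */
long scan_with_report_buffer(const char *src)
{
    char tok[MAX_TOKEN_LEN];
    enum scan_status st;
    size_t used = scan_numeric_literal(src, tok, sizeof tok, &st);
    return st == SCAN_OK ? (long)used : -1;
}

/* Constructed input of `digits` nines then ".0" (an oversized FP literal);
   returns 1 when the bounded scanner rejects it as too long. */
int overlong_literal_rejected(size_t digits)
{
    char src[1024];
    if (digits + 3 > sizeof src) return -1;
    memset(src, '9', digits);
    memcpy(src + digits, ".0", 3);
    return scan_with_report_buffer(src) == -1;
}
```

With a 256-byte buffer, 255 characters of literal fit and the 256th triggers the diagnostic; the scanner consumes the whole literal either way, so the following token is still lexed correctly.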
* [Bug java/22113] Buffer overflow in the lexical analyser while reading FP literals
From: rmathew at gcc dot gnu dot org @ 2005-06-18 12:11 UTC
To: gcc-bugs

------- Additional Comments From rmathew at gcc dot gnu dot org 2005-06-18 12:11 -------
Created an attachment (id=9107)
 --> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=9107&action=view)
Jacks testcase 3.10.2-round-6 that demonstrates this problem.

-- 
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22113
* [Bug java/22113] Buffer overflow in the lexical analyser while reading FP literals
From: rmathew at gcc dot gnu dot org @ 2005-08-14 15:16 UTC
To: gcc-bugs

------- Additional Comments From rmathew at gcc dot gnu dot org 2005-08-14 15:16 -------
These days, this bug manifests itself on mainline regularly as:

FAIL: 3.10.2-round-6

in the Jacks testsuite.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|                            |1
   Last reconfirmed|0000-00-00 00:00:00         |2005-08-14 15:16:01
               date|                            |

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22113
* [Bug java/22113] Buffer overflow in the lexical analyser while reading FP literals
From: cvs-commit at gcc dot gnu dot org @ 2005-08-16 18:49 UTC
To: gcc-bugs

------- Additional Comments From cvs-commit at gcc dot gnu dot org 2005-08-16 18:46 -------
Subject: Bug 22113

CVSROOT:        /cvs/gcc
Module name:    gcc
Changes by:     rmathew@gcc.gnu.org     2005-08-16 18:46:19

Modified files:
        gcc/java       : ChangeLog lex.c

Log message:
        PR java/22113
        * lex.c (do_java_lex): Define MAX_TOKEN_LEN. Avoid overflowing
        `literal_token' for large numeric input tokens.

Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/java/ChangeLog.diff?cvsroot=gcc&r1=1.1657&r2=1.1658
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/java/lex.c.diff?cvsroot=gcc&r1=1.121&r2=1.122

-- 
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22113
* [Bug java/22113] Buffer overflow in the lexical analyser while reading FP literals
From: rmathew at gcc dot gnu dot org @ 2005-08-16 18:53 UTC
To: gcc-bugs

------- Additional Comments From rmathew at gcc dot gnu dot org 2005-08-16 18:49 -------
Fix checked in.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED
   Target Milestone|---                         |4.1.0

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22113