From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 1920 invoked by alias); 21 Aug 2005 17:57:17 -0000 Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org Received: (qmail 1901 invoked by uid 48); 21 Aug 2005 17:57:13 -0000 Date: Sun, 21 Aug 2005 18:02:00 -0000 From: "falk at debian dot org" To: gcc-bugs@gcc.gnu.org Message-ID: <20050821175712.23506.falk@debian.org> Reply-To: gcc-bugzilla@gcc.gnu.org Subject: [Bug c/23506] New: Bad array access in DEF_GCC_BUILTIN X-Bugzilla-Reason: CC X-SW-Source: 2005-08/txt/msg02414.txt.bz2 List-Id: We have in c-common.c: #define DEF_BUILTIN(ENUM, NAME, CLASS, TYPE, LIBTYPE, BOTH_P, FALLBACK_P, \ NONANSI_P, ATTRS, IMPLICIT, COND) \ if (NAME && COND) \ def_builtin_1 (ENUM, NAME, CLASS, \ builtin_types[(int) TYPE], \ builtin_types[(int) LIBTYPE], \ BOTH_P, FALLBACK_P, NONANSI_P, \ built_in_attributes[(int) ATTRS], IMPLICIT); and in builtins.def #define DEF_GCC_BUILTIN(ENUM, NAME, TYPE, ATTRS) \ DEF_BUILTIN (ENUM, "__builtin_" NAME, BUILT_IN_NORMAL, TYPE, BT_LAST, \ false, false, false, ATTRS, true, true) so this line in builtins.def DEF_GCC_BUILTIN (BUILT_IN_HUGE_VAL, "huge_val", BT_FN_DOUBLE, ATTR_CONST_NOTHROW_LIST) expands to if ("__builtin_" "huge_val" && 1) def_builtin_1 (BUILT_IN_HUGE_VAL, "__builtin_" "huge_val", BUILT_IN_NORMAL, builtin_types[(int) BT_FN_DOUBLE], builtin_types[(int) BT_LAST], 0, 0, 0, built_in_attributes[(int) ATTR_CONST_NOTHROW_LIST], 1); but builtin_types is declared in c-common.c as tree builtin_types[(int) BT_LAST]; so the access "builtin_types[(int) BT_LAST]" exceeds the array bounds. -- Summary: Bad array access in DEF_GCC_BUILTIN Product: gcc Version: 4.1.0 Status: UNCONFIRMED Severity: normal Priority: P2 Component: c AssignedTo: unassigned at gcc dot gnu dot org ReportedBy: falk at debian dot org CC: gcc-bugs at gcc dot gnu dot org http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23506