[Bug libobjc/51891] New: class_copyIvarList crashes on empty ivars

[Bug libobjc/51891] New: class_copyIvarList crashes on empty ivars

[tilo at pruetz dot net]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=51891

             Bug #: 51891
           Summary: class_copyIvarList crashes on empty ivars
    Classification: Unclassified
           Product: gcc
           Version: 4.6.2
            Status: UNCONFIRMED
          Severity: blocker
          Priority: P3
         Component: libobjc
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: tilo@pruetz.net


Created attachment 26361
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=26361
simple example

When calling class_copyIvarList(class, NULL) with a class that has no ivars the
app crashes with a segfault.

Please find an example attached.

[Bug libobjc/51891] class_copyIvarList crashes on empty ivars

[pinskia at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=51891

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|blocker                     |normal

[Bug libobjc/51891] class_copyIvarList crashes on empty ivars

[dpapavas at gmail dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=51891

Dimitris Papavasiliou <dpapavas at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dpapavas at gmail dot com

--- Comment #1 from Dimitris Papavasiliou <dpapavas at gmail dot com> 2012-09-16 15:21:04 UTC ---
The runtime crashes at libobj.c/ivars.c line 191:

count = ivar_list->ivar_count;

The problem is that, when a class has no instance variables ivar_list will be
NULL so this needs to be checked for.

[Bug libobjc/51891] class_copyIvarList crashes on empty ivars

[larry.campbell at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=51891

--- Comment #2 from Larry Campbell <larry.campbell at gmail dot com> ---
Is anyone going to fix this? It is quite debilitating and there is no good
workaround. Prior to gcc 4.6 one could include
objc/deprecated/struct_objc_class.h and inspect ivar_list yourself before
calling class_copyIvarList. Now that the ABI internals are private, this is no
longer an option, and it's impossible to protect against.

[Bug libobjc/51891] class_copyIvarList crashes on empty ivars

[dpapavas at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=51891

--- Comment #3 from Dimitris Papavasiliou <dpapavas at gmail dot com> ---
Created attachment 34329
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=34329&action=edit
A patch that fixes the issue and provides a suitable testcase.

[Bug libobjc/51891] class_copyIvarList crashes on empty ivars

[mrs at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=51891

--- Comment #4 from mrs at gcc dot gnu.org <mrs at gcc dot gnu.org> ---
Author: mrs
Date: Fri Jan  9 18:12:51 2015
New Revision: 219399

URL: https://gcc.gnu.org/viewcvs?rev=219399&root=gcc&view=rev
Log:
Added PR libobjc/51891.

Modified:
    trunk/gcc/testsuite/ChangeLog
    trunk/libobjc/ChangeLog

[Bug libobjc/51891] class_copyIvarList crashes on empty ivars

[mrs at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=51891

mrs at gcc dot gnu.org <mrs at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |mrs at gcc dot gnu.org
         Resolution|---                         |FIXED

--- Comment #5 from mrs at gcc dot gnu.org <mrs at gcc dot gnu.org> ---
Fixed.