public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c++/56582] New: ICE on negative array index in C++11 constant expression evaluation
@ 2013-03-09 20:51 richard-gccbugzilla at metafoo dot co.uk
  2013-03-09 22:41 ` [Bug c++/56582] " paolo.carlini at oracle dot com
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: richard-gccbugzilla at metafoo dot co.uk @ 2013-03-09 20:51 UTC (permalink / raw)
  To: gcc-bugs


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=56582

             Bug #: 56582
           Summary: ICE on negative array index in C++11 constant
                    expression evaluation
    Classification: Unclassified
           Product: gcc
           Version: 4.8.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: richard-gccbugzilla@metafoo.co.uk


The C++ expression evaluator is not checking for negative array indices when
indexing string literals. This leads to ICEs and reading arbitrary memory
within the GCC process:

// Reliable ICE
constexpr int n[3] = {}; constexpr int k = n[-1];

// Some random byte
constexpr char c = "foo"[-1000];


^ permalink raw reply	[flat|nested] 6+ messages in thread
* [Bug c++/56582] ICE on negative array index in C++11 constant expression evaluation
  2013-03-09 20:51 [Bug c++/56582] New: ICE on negative array index in C++11 constant expression evaluation richard-gccbugzilla at metafoo dot co.uk
@ 2013-03-09 22:41 ` paolo.carlini at oracle dot com
  2013-03-09 23:07 ` paolo.carlini at oracle dot com
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: paolo.carlini at oracle dot com @ 2013-03-09 22:41 UTC (permalink / raw)
  To: gcc-bugs


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=56582

Paolo Carlini <paolo.carlini at oracle dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2013-03-09
     Ever Confirmed|0                           |1

--- Comment #1 from Paolo Carlini <paolo.carlini at oracle dot com> 2013-03-09 22:41:35 UTC ---
Confirmed.


^ permalink raw reply	[flat|nested] 6+ messages in thread
* [Bug c++/56582] ICE on negative array index in C++11 constant expression evaluation
  2013-03-09 20:51 [Bug c++/56582] New: ICE on negative array index in C++11 constant expression evaluation richard-gccbugzilla at metafoo dot co.uk
  2013-03-09 22:41 ` [Bug c++/56582] " paolo.carlini at oracle dot com
@ 2013-03-09 23:07 ` paolo.carlini at oracle dot com
  2013-03-16 10:02 ` paolo at gcc dot gnu.org
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: paolo.carlini at oracle dot com @ 2013-03-09 23:07 UTC (permalink / raw)
  To: gcc-bugs


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=56582

Paolo Carlini <paolo.carlini at oracle dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
         AssignedTo|unassigned at gcc dot       |paolo.carlini at oracle dot
                   |gnu.org                     |com

--- Comment #2 from Paolo Carlini <paolo.carlini at oracle dot com> 2013-03-09 23:07:19 UTC ---
Seems easy to fix.


^ permalink raw reply	[flat|nested] 6+ messages in thread
* [Bug c++/56582] ICE on negative array index in C++11 constant expression evaluation
  2013-03-09 20:51 [Bug c++/56582] New: ICE on negative array index in C++11 constant expression evaluation richard-gccbugzilla at metafoo dot co.uk
  2013-03-09 22:41 ` [Bug c++/56582] " paolo.carlini at oracle dot com
  2013-03-09 23:07 ` paolo.carlini at oracle dot com
@ 2013-03-16 10:02 ` paolo at gcc dot gnu.org
  2013-03-16 10:04 ` paolo.carlini at oracle dot com
  2013-03-23  1:25 ` paolo.carlini at oracle dot com
  4 siblings, 0 replies; 6+ messages in thread
From: paolo at gcc dot gnu.org @ 2013-03-16 10:02 UTC (permalink / raw)
  To: gcc-bugs


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=56582

--- Comment #3 from paolo at gcc dot gnu.org <paolo at gcc dot gnu.org> 2013-03-16 10:02:21 UTC ---
Author: paolo
Date: Sat Mar 16 10:02:11 2013
New Revision: 196701

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=196701
Log:
/cp
2013-03-16  Paolo Carlini  <paolo.carlini@oracle.com>

    PR c++/56582
    * semantics.c (cxx_eval_array_reference): Check for negative index.

/testsuite
2013-03-16  Paolo Carlini  <paolo.carlini@oracle.com>

    PR c++/56582
    * g++.dg/cpp0x/constexpr-array5.C: New.

Added:
    trunk/gcc/testsuite/g++.dg/cpp0x/constexpr-array5.C
Modified:
    trunk/gcc/cp/ChangeLog
    trunk/gcc/cp/semantics.c
    trunk/gcc/testsuite/ChangeLog


^ permalink raw reply	[flat|nested] 6+ messages in thread
* [Bug c++/56582] ICE on negative array index in C++11 constant expression evaluation
  2013-03-09 20:51 [Bug c++/56582] New: ICE on negative array index in C++11 constant expression evaluation richard-gccbugzilla at metafoo dot co.uk
                   ` (2 preceding siblings ...)
  2013-03-16 10:02 ` paolo at gcc dot gnu.org
@ 2013-03-16 10:04 ` paolo.carlini at oracle dot com
  2013-03-23  1:25 ` paolo.carlini at oracle dot com
  4 siblings, 0 replies; 6+ messages in thread
From: paolo.carlini at oracle dot com @ 2013-03-16 10:04 UTC (permalink / raw)
  To: gcc-bugs


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=56582

Paolo Carlini <paolo.carlini at oracle dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |4.8.1


^ permalink raw reply	[flat|nested] 6+ messages in thread
* [Bug c++/56582] ICE on negative array index in C++11 constant expression evaluation
  2013-03-09 20:51 [Bug c++/56582] New: ICE on negative array index in C++11 constant expression evaluation richard-gccbugzilla at metafoo dot co.uk
                   ` (3 preceding siblings ...)
  2013-03-16 10:04 ` paolo.carlini at oracle dot com
@ 2013-03-23  1:25 ` paolo.carlini at oracle dot com
  4 siblings, 0 replies; 6+ messages in thread
From: paolo.carlini at oracle dot com @ 2013-03-23  1:25 UTC (permalink / raw)
  To: gcc-bugs


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=56582

Paolo Carlini <paolo.carlini at oracle dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #4 from Paolo Carlini <paolo.carlini at oracle dot com> 2013-03-23 01:25:09 UTC ---
Fixed mainline and 4.8.1.


^ permalink raw reply	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2013-03-23  1:25 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-03-09 20:51 [Bug c++/56582] New: ICE on negative array index in C++11 constant expression evaluation richard-gccbugzilla at metafoo dot co.uk
2013-03-09 22:41 ` [Bug c++/56582] " paolo.carlini at oracle dot com
2013-03-09 23:07 ` paolo.carlini at oracle dot com
2013-03-16 10:02 ` paolo at gcc dot gnu.org
2013-03-16 10:04 ` paolo.carlini at oracle dot com
2013-03-23  1:25 ` paolo.carlini at oracle dot com

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).