Fix for PR70492

public inbox for gcc-patches@gcc.gnu.org
 help / color / mirror / Atom feed

* Fix for PR70492
@ 2016-04-01  3:04 Marcel Böhme
  2016-04-08 12:18 ` Bernd Schmidt
  0 siblings, 1 reply; 2+ messages in thread
From: Marcel Böhme @ 2016-04-01  3:04 UTC (permalink / raw)
  To: gcc-patches

Hi,

This fixes the invalid write of size 8 detailed in https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492

Handle the special case when consume_count returns -1 due to an integer overflow when parsing the length of the virtual table qualifier in cplus-dem.c:2994 (gnu_special).

Index: libiberty/cplus-dem.c
===================================================================
--- libiberty/cplus-dem.c	(revision 234663)
+++ libiberty/cplus-dem.c	(working copy)
@@ -3001,6 +3001,11 @@ gnu_special (work, mangled, declp)
 		      success = 1;
 		      break;
 		    }
+                  else if (n == -1)
+                    {
+                      success = 0;
+                      break;
+                    }
 		}
 	      else
 		{

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: Fix for PR70492
  2016-04-01  3:04 Fix for PR70492 Marcel Böhme
@ 2016-04-08 12:18 ` Bernd Schmidt
  0 siblings, 0 replies; 2+ messages in thread
From: Bernd Schmidt @ 2016-04-08 12:18 UTC (permalink / raw)
  To: Marcel Böhme, gcc-patches

On 04/01/2016 05:03 AM, Marcel BÃ¶hme wrote:
> This fixes the invalid write of size 8 detailed in https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492
>
> Handle the special case when consume_count returns -1 due to an integer overflow when parsing the length of the virtual table qualifier in cplus-dem.c:2994 (gnu_special).
>
> Index: libiberty/cplus-dem.c
> ===================================================================
> --- libiberty/cplus-dem.c	(revision 234663)
> +++ libiberty/cplus-dem.c	(working copy)
> @@ -3001,6 +3001,11 @@ gnu_special (work, mangled, declp)
>   		      success = 1;
>   		      break;
>   		    }
> +                  else if (n == -1)
> +                    {
> +                      success = 0;
> +                      break;
> +                    }

I've discussed these patches with Jakub and he gave me RM green light 
for these patches at this stage. I've committed this one, and the one 
for PR69687.

Some more comments for next time. Patch submissions should include 
ChangeLog entries. For whitespace, try to follow the prevalent style 
which is to begin the line with tab characters; the patch above contains 
only spaces.


Bernd

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2016-04-08 12:18 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-04-01  3:04 Fix for PR70492 Marcel Böhme
2016-04-08 12:18 ` Bernd Schmidt

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).