From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (qmail 28873 invoked by alias); 26 Sep 2002 15:26:03 -0000
Mailing-List: contact gcc-prs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Archive:
List-Post:
List-Help:
Sender: gcc-prs-owner@gcc.gnu.org
Received: (qmail 28854 invoked by uid 71); 26 Sep 2002 15:26:03 -0000
Resent-Date: 26 Sep 2002 15:26:03 -0000
Resent-Message-ID: <20020926152603.28853.qmail@sources.redhat.com>
Resent-From: gcc-gnats@gcc.gnu.org (GNATS Filer)
Resent-Cc: gcc-prs@gcc.gnu.org, gcc-bugs@gcc.gnu.org
Resent-Reply-To: gcc-gnats@gcc.gnu.org, ak03@gte.com
Received: (qmail 27486 invoked from network); 26 Sep 2002 15:23:19 -0000
Received: from unknown (HELO h132-197-179-51.gte.com) (132.197.179.51) by sources.redhat.com with SMTP; 26 Sep 2002 15:23:19 -0000
Received: from ork.gte.com (localhost [127.0.0.1]) by h132-197-179-51.gte.com (8.12.6/8.12.5) with ESMTP id g8QFNFvu097486 for ; Thu, 26 Sep 2002 11:23:15 -0400 (EDT) (envelope-from ak03@ork.gte.com)
Received: (from ak03@localhost) by ork.gte.com (8.12.6/8.12.6/Submit) id g8QFNEXE097485; Thu, 26 Sep 2002 11:23:14 -0400 (EDT)
Message-Id: <200209261523.g8QFNEXE097485@ork.gte.com>
Date: Thu, 26 Sep 2002 08:26:00 -0000
From: ak03@gte.com
To: gcc-gnats@gcc.gnu.org
X-Send-Pr-Version: 3.113
Subject: preprocessor/8055: CPP0 segfault on FreeBSD + PATCH
X-SW-Source: 2002-09/txt/msg00716.txt.bz2
List-Id:

>Number:         8055
>Category:       preprocessor
>Synopsis:       PATCH: CPP0 dies with SIG11 when building FreeBSD kernel
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          ice-on-legal-code
>Submitter-Id:   net
>Arrival-Date:   Thu Sep 26 08:26:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Alexander N. Kabaev
>Release:        3.2.1 [FreeBSD] 20020916 (prerelease)
>Organization:
>Environment:
System: FreeBSD kanpc.gte.com 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Mon Sep 16 10:44:41EDT 2002 root@kanpc.gte.com:/usr/obj/usr/src/sys/KANPC i386
GCC 3.2.1 configured as system compiler

As well as:

System: FreeBSD ork.gte.com 4.7-PRERELEASE FreeBSD 4.7-PRERELEASE #0: Mon Sep 16 11:16:37 EDT 2002 root@ork.gte.com:/usr/src/sys/compile/KAN i386
GCC 3.2.1 built from ports:
host: i386-portbld-freebsd4.7
build: i386-portbld-freebsd4.7
target: i386-portbld-freebsd4.7
configured with: ./..//gcc-20020902/configure --disable-nls --with-gnu-as --with-gnu-ld --with-gxx-include-dir=/usr/local/lib/gcc-lib/i386-portbld-freebsd4.7/3.2.1/include/g++-v3 --with-system-zlib --includedir=/usr/local/lib/gcc-lib/i386-portbld-freebsd4.7/3.2.1/include/Java --disable-libgcj --disable-shared --prefix=/usr/local i386-portbld-freebsd4.7

>Description:
The preprocessor CPP0 dumps core when used to create the dependencies list while building the FreeBSD kernel. The reason is a bug in gcc/cppmacro.c, in the function stringify_arg. If the pfile->u_buff buffer is completely full when the function is called (i.e. BUFF_FRONT (pfile->u_buff) == BUFF_LIMIT (pfile->u_buff)), and the macro_arg passed to it as the second parameter has no tokens, that is arg->count is 0, then stringify_arg will happily advance the BUFF_FRONT (pfile->u_buff) pointer past BUFF_LIMIT (pfile->u_buff), making comparisons like (size_t) (BUFF_LIMIT (pfile->u_buff) - dest) < len useless, because the unsigned difference wraps around. CPP0 dumps core shortly afterwards trying to strchr/strcpy a string which it thinks is about 4G in size.

>How-To-Repeat:
The test case is not exactly trivial to produce. The stringify_arg function has to be called with an empty argument and a completely full buffer. The layout of the system header files happened to trigger exactly this condition.

>Fix:
The patch below takes care of the problem.

Index: contrib/gcc/cppmacro.c
===================================================================
RCS file: /usr/ncvs/src/contrib/gcc/cppmacro.c,v
retrieving revision 1.1.1.4
diff -u -r1.1.1.4 cppmacro.c
--- contrib/gcc/cppmacro.c	1 Sep 2002 20:37:29 -0000	1.1.1.4
+++ contrib/gcc/cppmacro.c	24 Sep 2002 15:40:54 -0000
@@ -349,6 +349,12 @@ /* Commit the memory, including NUL, and return the token. */ len = dest - BUFF_FRONT (pfile->u_buff); + if ((size_t) (BUFF_LIMIT (pfile->u_buff) - dest) < 1) + { + size_t len_so_far = dest - BUFF_FRONT (pfile->u_buff); + _cpp_extend_buff (pfile, &pfile->u_buff, 1); + dest = BUFF_FRONT (pfile->u_buff) + len_so_far; + } BUFF_FRONT (pfile->u_buff) = dest + 1; return new_string_token (pfile, dest - len, len); }

>Release-Note:
>Audit-Trail:
>Unformatted:
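Review bot: the `len_so_far` temporary in the added block duplicates `len`, which the context line just above already sets to `dest - BUFF_FRONT (pfile->u_buff)`; reuse it (`dest = BUFF_FRONT (pfile->u_buff) + len;`) so the two lengths cannot drift apart if either line is edited later. The guard `(size_t) (BUFF_LIMIT (pfile->u_buff) - dest) < 1` also reads more clearly as `dest == BUFF_LIMIT (pfile->u_buff)`, since the per-token room check earlier in stringify_arg (the `(size_t) (BUFF_LIMIT (pfile->u_buff) - dest) < len` comparison the report quotes) keeps `dest` at or below the limit until this point. A one-line comment naming the case being handled (empty argument, buffer exactly full, no room left for the NUL) would help, given that the report says no simple test case reproduces it.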
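The failure described in the report, modelled as an added, stand-alone example (not cpplib's code): a buffer with a front cursor and a limit, a stringify routine whose only room check runs per copied byte, and the empty-argument call that reaches the trailing NUL with `dest == limit`. Offsets stand in for the real BUFF_FRONT/BUFF_LIMIT pointers so the overrun can be inspected instead of corrupting memory; `struct buff`, `buff_extend`, `stringify` and `run_scenario` are assumed names for this model, and `patched` switches on the equivalent of the report's added check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy stand-in for cpplib's _cpp_buff (assumed layout, not the real one).
   Offsets replace the BUFF_FRONT / BUFF_LIMIT pointers so that the overrun
   stays defined behaviour and can be observed. */
struct buff {
    unsigned char *base;   /* backing storage */
    size_t front;          /* next free byte (the BUFF_FRONT cursor) */
    size_t limit;          /* one past the last usable byte (BUFF_LIMIT) */
};

static void buff_init(struct buff *b, size_t cap)
{
    b->base = malloc(cap);
    b->front = 0;
    b->limit = cap;
}

/* Grow the buffer so that at least min_extra bytes follow front
   (a simplified model of _cpp_extend_buff). */
static void buff_extend(struct buff *b, size_t min_extra)
{
    size_t cap = b->limit * 2;
    if (cap < b->front + min_extra)
        cap = b->front + min_extra;
    b->base = realloc(b->base, cap);
    b->limit = cap;
}

/* Copy count bytes of src into the buffer as one NUL-terminated string,
   commit it and return its starting offset.  The check inside the loop
   mirrors the per-token check in stringify_arg; the block guarded by
   patched is the report's added check before the trailing NUL. */
static size_t stringify(struct buff *b, const char *src, size_t count, bool patched)
{
    size_t dest = b->front;

    for (size_t i = 0; i < count; i++) {
        if (b->limit - dest < 2) {            /* room for the byte plus a NUL */
            size_t len_so_far = dest - b->front;
            buff_extend(b, 2);
            dest = b->front + len_so_far;
        }
        b->base[dest++] = (unsigned char)src[i];
    }

    if (patched && b->limit - dest < 1) {     /* nothing left for the NUL */
        size_t len_so_far = dest - b->front;
        buff_extend(b, 1);
        dest = b->front + len_so_far;
    }

    /* Unpatched, count == 0 with front == limit leaves dest == limit here:
       the NUL would land one past the end (skipped in this model) and the
       commit below moves front beyond limit. */
    if (dest < b->limit)
        b->base[dest] = '\0';

    size_t start = b->front;
    b->front = dest + 1;                      /* commit, including the NUL */
    return start;
}

struct outcome {
    bool front_past_limit;   /* invariant front <= limit broken */
    size_t apparent_room;    /* what (size_t)(limit - front) now reports */
};

/* Fill an 8-byte buffer exactly (7 bytes + NUL), then stringify an empty
   argument: the full-buffer, empty-macro_arg condition from the report. */
static struct outcome run_scenario(bool patched)
{
    struct buff b;
    struct outcome o;

    buff_init(&b, 8);
    stringify(&b, "abcdefg", 7, patched);     /* afterwards front == limit == 8 */
    stringify(&b, "", 0, patched);            /* the empty macro argument */

    o.front_past_limit = b.front > b.limit;
    o.apparent_room = b.limit - b.front;      /* wraps to SIZE_MAX once front > limit */
    free(b.base);
    return o;
}

int main(void)
{
    struct outcome bad = run_scenario(false), good = run_scenario(true);
    printf("unpatched: front past limit=%d, apparent room=%zu\n",
           bad.front_past_limit, bad.apparent_room);
    printf("patched:   front past limit=%d, apparent room=%zu\n",
           good.front_past_limit, good.apparent_room);
    return 0;
}
```

The unpatched run ends with the front cursor one byte beyond the limit, and every subsequent `limit - front` room check evaluates to SIZE_MAX, which is the "about 4G" string length the report sees on a 32-bit size_t; the patched run grows the buffer before committing the NUL and keeps the invariant intact.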