public inbox for gcc-prs@sourceware.org
From: "Alexander N. Kabaev" <ak03@gte.com>
To: gcc-gnats@gcc.gnu.org
Subject: preprocessor/9514: tradcpp0 dumps core on binary data
Date: Thu, 30 Jan 2003 20:26:00 -0000
Message-ID: <200301302019.h0UKJQJ6022230@ork.gte.com>


>Number:         9514
>Category:       preprocessor
>Synopsis:       tradcpp0 dumps core on binary data
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 30 20:26:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Alexander N. Kabaev
>Release:        3.2.2 20030106 (prerelease)
>Organization:
FreeBSD.ORG
>Environment:
System: FreeBSD ork.gte.com 4.7-STABLE FreeBSD 4.7-STABLE #3: Tue Jan 28 11:09:15 EST 2003 ak03@ork.gte.com:/usr/src/sys/compile/KAN i386


	
host: i386-portbld-freebsd4.7
build: i386-portbld-freebsd4.7
target: i386-portbld-freebsd4.7
configured with: ./..//gcc-3.2.1/configure --disable-nls --with-gnu-as --with-gnu-ld --with-gxx-include-dir=/usr/local/lib/gcc-lib/i386-portbld-freebsd4.7/3.2.1/include/g++-v3 --with-system-zlib --includedir=/usr/local/lib/gcc-lib/i386-portbld-freebsd4.7/3.2.1/include/Java --disable-libgcj --disable-shared --prefix=/usr/local i386-portbld-freebsd4.7
>Description:
	When given data with an embedded '\0' before the first '\r' occurrence,
	tradcpp0 will dump core trying to dereference a null pointer.

	The following code in the fixup_newlines function is problematic:

  p = (U_CHAR *) strchr ((const char *) fp->buf, '\r');
  *end = '\0';
  if (p == end)
    return;

  if (p > fp->buf && p[-1] == '\n')
    p--;
  q = p;
  while (p < end)
    switch (*p)
          ^^^^^ Crash happens here.

	With a null character before the first '\r', strchr can return NULL,
	causing the crash later.
	
	Preprocessing binary data is a questionable activity, but I think
	the preprocessor should handle these mistakes gracefully.

>How-To-Repeat:
       tradcpp0 /etc on any system which allows directory opens (i.e. any BSD system)

>Fix:
	
Index: tradcpp.c
===================================================================
RCS file: /usr/ncvs/src/contrib/gcc/tradcpp.c,v
retrieving revision 1.1.1.5
diff -u -r1.1.1.5 tradcpp.c
--- tradcpp.c	4 Dec 2002 15:40:06 -0000	1.1.1.5
+++ tradcpp.c	30 Jan 2003 20:13:45 -0000
@@ -2605,7 +2605,7 @@
 
   end = fp->buf + fp->length;
   *end = '\r';
-  p = (U_CHAR *) strchr ((const char *) fp->buf, '\r');
+  p = (U_CHAR *) memchr ((const char *) fp->buf, '\r', fp->length + 1);
   *end = '\0';
   if (p == end)
     return;
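Review bot: on the `+` line, the `(const char *)` cast is a leftover from the strchr call; memchr takes `const void *`, so `memchr (fp->buf, '\r', fp->length + 1)` is enough. A short comment there would also help: the `+ 1` makes the search cover the '\r' sentinel stored at `*end` two lines above, which is what guarantees `p` is never NULL before the `p == end` test, even when the buffer contains '\0' bytes.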
>Release-Note:
>Audit-Trail:
>Unformatted:
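
The sentinel search described in the report, as an added example that is not part of the original message or of GCC's source. The function names and sample buffers are constructed for illustration; each buffer has one spare byte past its data for the sentinel, as the quoted code assumes.

```c
#include <stdio.h>
#include <string.h>

/* Pre-patch search: plant a '\r' sentinel at buf[len], then use strchr.
   Returns the offset of the first '\r', or -1 when strchr returns NULL. */
long scan_strchr(unsigned char *buf, size_t len)
{
    unsigned char *end = buf + len;
    unsigned char *p;

    *end = '\r';
    p = (unsigned char *) strchr((const char *) buf, '\r');
    *end = '\0';
    return p ? (long) (p - buf) : -1;
}

/* Patched search: memchr is bounded by a byte count, not by '\0', and
   len + 1 includes the sentinel, so a match is always found. */
long scan_memchr(unsigned char *buf, size_t len)
{
    unsigned char *end = buf + len;
    unsigned char *p;

    *end = '\r';
    p = memchr(buf, '\r', len + 1);
    *end = '\0';
    return p ? (long) (p - buf) : -1;
}

/* Constructed inputs: 4 data bytes plus one spare byte for the sentinel. */
unsigned char nul_no_cr[5]   = { 'a', '\0', 'b', 'c', 0 };
unsigned char nul_then_cr[5] = { 'a', '\0', '\r', 'b', 0 };
unsigned char text_cr[5]     = { 'a', 'b', '\r', 'c', 0 };

int main(void)
{
    /* -1 marks the NULL that the pre-patch code goes on to dereference. */
    printf("NUL, no CR:     strchr=%ld memchr=%ld\n",
           scan_strchr(nul_no_cr, 4), scan_memchr(nul_no_cr, 4));
    printf("NUL before CR:  strchr=%ld memchr=%ld\n",
           scan_strchr(nul_then_cr, 4), scan_memchr(nul_then_cr, 4));
    printf("text with CR:   strchr=%ld memchr=%ld\n",
           scan_strchr(text_cr, 4), scan_memchr(text_cr, 4));
    return 0;
}
```

An offset equal to the data length (4 here) corresponds to `p == end` in the quoted code, the "no '\r' in the data" early return.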

