Re: preprocessor/9514: tradcpp0 dumps core on binary data

Re: preprocessor/9514: tradcpp0 dumps core on binary data

[neil]

Synopsis: tradcpp0 dumps core on binary data

State-Changed-From-To: open->closed
State-Changed-By: neil
State-Changed-When: Sun Feb  2 21:33:01 2003
State-Changed-Why:
    Fixed in 3.2.2.

http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=9514

Re: preprocessor/9514: tradcpp0 dumps core on binary data

[Neil Booth]

The following reply was made to PR preprocessor/9514; it has been noted by GNATS.

From: Neil Booth <neil@daikokuya.co.uk>
To: "Alexander N. Kabaev" <ak03@gte.com>, Jakub Jelinek <jakub@redhat.com>
Cc: gcc-gnats@gcc.gnu.org, gcc-bugs@gcc.gnu.org
Subject: Re: preprocessor/9514: tradcpp0 dumps core on binary data
Date: Thu, 30 Jan 2003 20:29:37 +0000

 Alexander N. Kabaev wrote:-
 
 > 
 > >Number:         9514
 > >Category:       preprocessor
 > >Synopsis:       tradcpp0 dumps core on binary data
 
 Jakub, another one, that's 3 now.  I'd appreciate it if you fixed this.
 I can't do it because I don't have an employer disclaimer in place.
 
 Neil.

preprocessor/9514: tradcpp0 dumps core on binary data

[Alexander N. Kabaev]

>Number:         9514
>Category:       preprocessor
>Synopsis:       tradcpp0 dumps core on binary data
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 30 20:26:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Alexander N. Kabaev
>Release:        3.2.2 20030106 (prerelease)
>Organization:
FreeBSD.ORG
>Environment:
System: FreeBSD ork.gte.com 4.7-STABLE FreeBSD 4.7-STABLE #3: Tue Jan 28 11:09:15 EST 2003 ak03@ork.gte.com:/usr/src/sys/compile/KAN i386


	
host: i386-portbld-freebsd4.7
build: i386-portbld-freebsd4.7
target: i386-portbld-freebsd4.7
configured with: ./..//gcc-3.2.1/configure --disable-nls --with-gnu-as --with-gnu-ld --with-gxx-include-dir=/usr/local/lib/gcc-lib/i386-portbld-freebsd4.7/3.2.1/include/g++-v3 --with-system-zlib --includedir=/usr/local/lib/gcc-lib/i386-portbld-freebsd4.7/3.2.1/include/Java --disable-libgcj --disable-shared --prefix=/usr/local i386-portbld-freebsd4.7
>Description:
	When given a data with embbedded '\0' before the first '\r' occurrentce,
	tradcpp0 will dump core trying to dereference a null pointer.

	The following code in fixup_newlines function is problematic:

  p = (U_CHAR *) strchr ((const char *) fp->buf, '\r');
  *end = '\0';
  if (p == end)
    return;

  if (p > fp->buf && p[-1] == '\n')
    p--;
  q = p;
  while (p < end)
    switch (*p)
          ^^^^^ Crash happens here.

	With null character before the first '\r', strchr can return NULL,
	causing the crash later.
	
	Preprocessing binary data is questionable activity, but I think
	preprocessor should handle these mistakes gracefully.

>How-To-Repeat:
       tradcpp0 /etc on any system which allow directory opens (i.e. any BSD system)

>Fix:
	
Index: tradcpp.c
===================================================================
RCS file: /usr/ncvs/src/contrib/gcc/tradcpp.c,v
retrieving revision 1.1.1.5
diff -u -r1.1.1.5 tradcpp.c
--- tradcpp.c	4 Dec 2002 15:40:06 -0000	1.1.1.5
+++ tradcpp.c	30 Jan 2003 20:13:45 -0000
@@ -2605,7 +2605,7 @@
 
   end = fp->buf + fp->length;
   *end = '\r';
-  p = (U_CHAR *) strchr ((const char *) fp->buf, '\r');
+  p = (U_CHAR *) memchr ((const char *) fp->buf, '\r', fp->length + 1);
   *end = '\0';
   if (p == end)
     return;
>Release-Note:
>Audit-Trail:
>Unformatted: