public inbox for gcc-prs@sourceware.org
* Re: libobjc/10742: objc_lookup_class() called with illegal argument
@ 2003-05-15  9:40 nicola
  0 siblings, 0 replies; 3+ messages in thread
From: nicola @ 2003-05-15  9:40 UTC (permalink / raw)
  To: gcc-bugs, gcc-prs, nicola, nobody, richard

Synopsis: objc_lookup_class() called with illegal argument

Responsible-Changed-From-To: unassigned->nicola
Responsible-Changed-By: nicola
Responsible-Changed-When: Thu May 15 09:40:17 2003
Responsible-Changed-Why:
    I'm taking it.
State-Changed-From-To: open->closed
State-Changed-By: nicola
State-Changed-When: Thu May 15 09:40:17 2003
State-Changed-Why:
    Fixed on CVS.  Thanks Richard.

http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=10742



* Re: libobjc/10742: objc_lookup_class() called with illegal argument
@ 2003-05-14  6:26 Dara Hazeghi
  0 siblings, 0 replies; 3+ messages in thread
From: Dara Hazeghi @ 2003-05-14  6:26 UTC (permalink / raw)
  To: nobody; +Cc: gcc-prs

The following reply was made to PR libobjc/10742; it has been noted by GNATS.

From: Dara Hazeghi <dhazeghi@yahoo.com>
To: gcc-gnats@gcc.gnu.org, nobody@gcc.gnu.org, richard@brainstorm.co.uk
Cc:  
Subject: Re: libobjc/10742: objc_lookup_class() called with illegal argument
Date: Tue, 13 May 2003 23:23:12 -0700

 http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=10742
 
 Hello,
 
 you might want to submit this patch to the gcc-patches mailing list, if  
 you're sure of its correctness. If not, I suggest coming up with a  
 patch which demonstrates the bug you claim exists, attaching it here,  
 and then sending off to gcc-patches. Thanks,
 
 Dara
 



* libobjc/10742: objc_lookup_class() called with illegal argument
@ 2003-05-12  8:46 richard
  0 siblings, 0 replies; 3+ messages in thread
From: richard @ 2003-05-12  8:46 UTC (permalink / raw)
  To: gcc-gnats


>Number:         10742
>Category:       libobjc
>Synopsis:       objc_lookup_class() called with illegal argument
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon May 12 08:46:01 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     richard@brainstorm.co.uk
>Release:        gcc (GCC) 3.4 20030510  and earlier
>Organization:
>Environment:
gnu/linux intel, but will apply to other systems too.
>Description:
When a class is loaded into the runtime, the fields in the class structure which normally link to other classes are actually pointers to strings containing the names of those classes, and these pointers are replaced by links to the actual classes during the load process.
In various places in the runtime file init.c, the code calls objc_lookup_class() passing it the value from class->super_class on the assumption that it is the name of the class's superclass.  However, this is not always the case, and pointers to classes can be passed as if they were strings.  This can result in objc_lookup_class causing a segmentation violation when it does not find a nul terminator in the 'string' it is given.
>How-To-Repeat:

>Fix:
The attached patch fixes this problem by using a new static function which checks to see whether the class links have been resolved and only trying to use them as strings if they have not yet been changed to class pointers.
>Release-Note:
>Audit-Trail:
>Unformatted:
----gnatsweb-attachment----
Content-Type: text/plain; name="init.c.diff"
Content-Disposition: inline; filename="init.c.diff"

*** init.c.old	Sun May 11 07:14:11 2003
--- init.c	Sun May 11 07:13:52 2003
***************
*** 99,104 ****
--- 99,115 ----
     should not be destroyed during the execution of the program.  */
  static cache_ptr __objc_load_methods = NULL;
  
+ /* Return the super class by resorting to objc_lookup_class()
+    if links are not yet resolved. */
+ static Class lookup_super(Class class)
+ {
+   if (class->super_class == Nil)
+     return Nil;
+   if (CLS_ISRESOLV(class))
+     return class->super_class;
+   return objc_lookup_class((char*)class->super_class);
+ }
+ 
  /* Creates a tree of classes whose topmost class is directly inherited
     from `upper' and the bottom class in this tree is
     `bottom_class'. The classes in this tree are super classes of
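Review bot: the comment above lookup_super should state the invariant the function depends on: until CLS_ISRESOLV(class) is true, class->super_class holds a pointer to the superclass name rather than a Class, which is the only reason the `(char*)` cast on the last line is valid. Without that, a later reader has no hint why reading class->super_class directly is unsafe in this file. The definition also departs from the formatting of the code around it, which writes a space before the opening parenthesis and inside the cast, as in `objc_lookup_class ((char *) ...)`.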
***************
*** 108,117 ****
  static objc_class_tree *
  create_tree_of_subclasses_inherited_from (Class bottom_class, Class upper)
  {
!   Class superclass = bottom_class->super_class ?
! 			objc_lookup_class ((char *) bottom_class->super_class)
! 		      : Nil;
! 					
    objc_class_tree *tree, *prev;
  
    DEBUG_PRINTF ("create_tree_of_subclasses_inherited_from:");
--- 119,126 ----
  static objc_class_tree *
  create_tree_of_subclasses_inherited_from (Class bottom_class, Class upper)
  {
!   Class superclass = lookup_super(bottom_class);
! 
    objc_class_tree *tree, *prev;
  
    DEBUG_PRINTF ("create_tree_of_subclasses_inherited_from:");
***************
*** 122,135 ****
    tree = prev = objc_calloc (1, sizeof (objc_class_tree));
    prev->class = bottom_class;
  
!   while (superclass != upper)
      {
        tree = objc_calloc (1, sizeof (objc_class_tree));
        tree->class = superclass;
        tree->subclasses = list_cons (prev, tree->subclasses);
!       superclass = (superclass->super_class ?
! 			objc_lookup_class ((char *) superclass->super_class)
! 		      : Nil);
        prev = tree;
      }
  
--- 131,142 ----
    tree = prev = objc_calloc (1, sizeof (objc_class_tree));
    prev->class = bottom_class;
  
!   while (superclass != Nil && superclass != upper)
      {
        tree = objc_calloc (1, sizeof (objc_class_tree));
        tree->class = superclass;
        tree->subclasses = list_cons (prev, tree->subclasses);
!       superclass = lookup_super(superclass);
        prev = tree;
      }
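Review bot: the added `superclass != Nil` test in the while condition makes the walk stop quietly when the chain runs out before reaching `upper`, and lookup_super also returns Nil when objc_lookup_class does not know the name. In both cases the function carries on with a tree whose topmost class is not directly inherited from `upper`, which is what the comment above the function promises. Either document that the tree can be truncated, or make the Nil case visible (a DEBUG_PRINTF or an assertion after the loop) so that a broken hierarchy is not accepted silently.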
  
***************
*** 157,166 ****
        DEBUG_PRINTF ("1. class %s was previously inserted\n", class->name);
        return tree;
      }
!   else if ((class->super_class ?
! 		    objc_lookup_class ((char *) class->super_class)
! 		  : Nil)
! 	    == tree->class)
      {
        /* If class is a direct subclass of tree->class then add class to the
  	 list of subclasses. First check to see if it wasn't already
--- 164,170 ----
        DEBUG_PRINTF ("1. class %s was previously inserted\n", class->name);
        return tree;
      }
!   else if (lookup_super(class) == tree->class)
      {
        /* If class is a direct subclass of tree->class then add class to the
  	 list of subclasses. First check to see if it wasn't already
***************
*** 370,378 ****
      {
        if (class == superclass)
  	return YES;
!       class = (class->super_class ?
! 		  objc_lookup_class ((char *) class->super_class)
! 		: Nil);
      }
  
    return NO;
--- 374,380 ----
      {
        if (class == superclass)
  	return YES;
!       class = lookup_super(class);
      }
  
    return NO;
***************
*** 562,568 ****
  
        /* Check to see if the superclass is known in this point. If it's not
  	 add the class to the unresolved_classes list.  */
!       if (superclass && ! objc_lookup_class (superclass))
  	unresolved_classes = list_cons (class, unresolved_classes);
     }
  
--- 564,570 ----
  
        /* Check to see if the superclass is known in this point. If it's not
  	 add the class to the unresolved_classes list.  */
!       if (superclass && ! lookup_super (class))
  	unresolved_classes = list_cons (class, unresolved_classes);
     }
  
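Review bot: the condition now tests the local `superclass` for non-NULL but resolves through class->super_class inside lookup_super, so it matches the old check only if `superclass` was taken from this same class, and that assignment is not part of the hunk. Testing class->super_class directly would keep the guard and the lookup on the same value. The guard itself has to stay: lookup_super returns Nil for a class with no superclass, and without the guard such a class would be put on unresolved_classes.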
***************
*** 674,680 ****
      {
        Class class = unresolved_classes->head;
  
!       while (objc_lookup_class ((char *) class->super_class))
  	{
  	  list_remove_head (&unresolved_classes);
  	  if (unresolved_classes)
--- 676,682 ----
      {
        Class class = unresolved_classes->head;
  
!       while (lookup_super (class))
  	{
  	  list_remove_head (&unresolved_classes);
  	  if (unresolved_classes)
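Review bot: `while (lookup_super (class))` now also ends when class->super_class is Nil, where the old line handed that value straight to objc_lookup_class. A class with no superclass at the head of unresolved_classes would never be removed by this loop, so the code depends on the `superclass &&` guard in the hunk at line 564 keeping such classes off the list. A short comment here stating that dependency would make the termination condition easier to check.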


