public inbox for java-prs@sourceware.org
* [Bug java/22113] New: Buffer overflow in the lexical analyser while reading FP literals
@ 2005-06-18 12:10 rmathew at gcc dot gnu dot org
  2005-06-18 12:11 ` [Bug java/22113] " rmathew at gcc dot gnu dot org
From: rmathew at gcc dot gnu dot org @ 2005-06-18 12:10 UTC (permalink / raw)
  To: java-prs

There is a buffer overflow error in GCJ while reading in large FP literals, as 
shown by Jacks testcase 3.10.2-round-6 (and others). On my machine, this
manifests itself only when "parse.y" or "lex.c" is recompiled at -O0 after a
full bootstrap, like so:

  cd $GCC_SRC_DIR/gcc/java
  touch parse.y
  cd $BUILD_DIR
  make BOOT_CFLAGS='-O0 -g3' bubblestrap

Compile the attached testcase before and after this. In my case, it gives
the expected "Floating point literal too large error" only in the former
case.

The array "literal_token" in do_java_lex() in lex.c is 256 characters
long, but the subsequent code merrily overwrites long literals past this
limit. A silly patch to overcome this particular error is:

Index: lex.c
===================================================================
--- lex.c       2005-06-18 17:04:00.000000000 +0530
+++ lex.c       2005-06-18 17:06:14.000000000 +0530
@@ -965,7 +965,7 @@ do_java_lex (YYSTYPE *java_lval)
       int parts[TOTAL_PARTS];
       HOST_WIDE_INT high, low;
       /* End borrowed section.  */
-      char literal_token [256];
+      char literal_token [512];
       int  literal_index = 0, radix = 10, long_suffix = 0, overflow = 0, bytes;
       int  found_hex_digits = 0, found_non_octal_digits = -1;
       int  i;
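Review bot: raising the array to `char literal_token [512];` only moves the overflow threshold, it does not remove the bug; the stores indexed by `literal_index` that follow this declaration still run with no bound, so a literal of 512 or more characters overwrites the stack exactly as a 256-character one did before. Replace the magic number with a named limit (the later commit calls it MAX_TOKEN_LEN), check `literal_index < MAX_TOKEN_LEN - 1` before every store into `literal_token`, and when the check fails stop writing, keep consuming the literal, and emit the existing "Floating point literal too large" diagnostic. A terminating NUL also needs to be accounted for in that limit.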

But of course this won't do. We need to have a better fix for
this issue. I'm filing this bug so that we don't lose track of
this issue.

-- 
           Summary: Buffer overflow in the lexical analyser while reading FP
                    literals
           Product: gcc
           Version: 4.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: java
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: rmathew at gcc dot gnu dot org
                CC: gcc-bugs at gcc dot gnu dot org,java-prs at gcc dot gnu
                    dot org


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22113


* [Bug java/22113] Buffer overflow in the lexical analyser while reading FP literals
  2005-06-18 12:10 [Bug java/22113] New: Buffer overflow in the lexical analyser while reading FP literals rmathew at gcc dot gnu dot org
@ 2005-06-18 12:11 ` rmathew at gcc dot gnu dot org
  2005-08-14 15:16 ` rmathew at gcc dot gnu dot org
From: rmathew at gcc dot gnu dot org @ 2005-06-18 12:11 UTC (permalink / raw)
  To: java-prs


------- Additional Comments From rmathew at gcc dot gnu dot org  2005-06-18 12:11 -------
Created an attachment (id=9107)
 --> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=9107&action=view)
Jacks testcase 3.10.2-round-6 that demonstrates this problem.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22113


* [Bug java/22113] Buffer overflow in the lexical analyser while reading FP literals
  2005-06-18 12:10 [Bug java/22113] New: Buffer overflow in the lexical analyser while reading FP literals rmathew at gcc dot gnu dot org
  2005-06-18 12:11 ` [Bug java/22113] " rmathew at gcc dot gnu dot org
@ 2005-08-14 15:16 ` rmathew at gcc dot gnu dot org
  2005-08-16 18:47 ` cvs-commit at gcc dot gnu dot org
  2005-08-16 18:49 ` rmathew at gcc dot gnu dot org
From: rmathew at gcc dot gnu dot org @ 2005-08-14 15:16 UTC (permalink / raw)
  To: java-prs


------- Additional Comments From rmathew at gcc dot gnu dot org  2005-08-14 15:16 -------
These days, this bug manifests itself on mainline regularly as:

  FAIL: 3.10.2-round-6

in the Jacks testsuite.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|                            |1
   Last reconfirmed|0000-00-00 00:00:00         |2005-08-14 15:16:01
               date|                            |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22113


* [Bug java/22113] Buffer overflow in the lexical analyser while reading FP literals
  2005-06-18 12:10 [Bug java/22113] New: Buffer overflow in the lexical analyser while reading FP literals rmathew at gcc dot gnu dot org
  2005-06-18 12:11 ` [Bug java/22113] " rmathew at gcc dot gnu dot org
  2005-08-14 15:16 ` rmathew at gcc dot gnu dot org
@ 2005-08-16 18:47 ` cvs-commit at gcc dot gnu dot org
  2005-08-16 18:49 ` rmathew at gcc dot gnu dot org
From: cvs-commit at gcc dot gnu dot org @ 2005-08-16 18:47 UTC (permalink / raw)
  To: java-prs


------- Additional Comments From cvs-commit at gcc dot gnu dot org  2005-08-16 18:46 -------
Subject: Bug 22113

CVSROOT:	/cvs/gcc
Module name:	gcc
Changes by:	rmathew@gcc.gnu.org	2005-08-16 18:46:19

Modified files:
	gcc/java       : ChangeLog lex.c 

Log message:
	PR java/22113
	* lex.c (do_java_lex): Define MAX_TOKEN_LEN. Avoid overflowing
	`literal_token' for large numeric input tokens.

Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/java/ChangeLog.diff?cvsroot=gcc&r1=1.1657&r2=1.1658
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/java/lex.c.diff?cvsroot=gcc&r1=1.121&r2=1.122



-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22113
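The defect described in the opening report of this thread (a fixed 256-byte `literal_token` array in do_java_lex() that is filled without a bound check) and the remedy summarised in this commit message (a MAX_TOKEN_LEN limit so that large numeric tokens no longer overflow the buffer) can be shown with a small bounded literal scanner. The code below is an added example written for this page; it is not GCJ's lex.c, the committed patch, or the Jacks test case. The function names, the status codes, the value 256 for MAX_TOKEN_LEN, and the constructed "0." followed by 300 nines input are all assumptions made for the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Upper bound on one numeric token, terminating NUL included.  The name
   follows the one the GCJ fix introduced; the value 256 matches the size
   of the original array and is an assumption for this example.  */
#define MAX_TOKEN_LEN 256

enum lex_status {
    LEX_OK = 0,             /* literal copied in full */
    LEX_TOKEN_TOO_LONG = 1, /* literal longer than the buffer; output truncated */
    LEX_NOT_A_NUMBER = 2    /* input does not begin a numeric literal */
};

/* Append c to out unless that would overrun the buffer.  On overrun the
   character is dropped and *overflow is set; out stays NUL-terminated.  */
static void keep_char(char *out, size_t *n, int *overflow, char c)
{
    if (*n + 1 >= MAX_TOKEN_LEN) {
        *overflow = 1;
        return;
    }
    out[(*n)++] = c;
    out[*n] = '\0';
}

/* Scan a Java-style numeric literal (digits, at most one '.', an optional
   exponent with sign, an optional suffix letter) from src into out, which
   must hold MAX_TOKEN_LEN bytes.  Scanning always runs to the end of the
   literal, so *consumed is the true token length even when it did not fit;
   the caller can then report "literal too large" and resynchronise.  */
enum lex_status lex_numeric_literal(const char *src, char *out, size_t *consumed)
{
    size_t i = 0, n = 0;
    int overflow = 0, seen_dot = 0;

    out[0] = '\0';
    *consumed = 0;
    if (!isdigit((unsigned char)src[0]) &&
        !(src[0] == '.' && isdigit((unsigned char)src[1])))
        return LEX_NOT_A_NUMBER;

    /* Integer and fraction digits.  */
    while (isdigit((unsigned char)src[i]) || (src[i] == '.' && !seen_dot)) {
        if (src[i] == '.')
            seen_dot = 1;
        keep_char(out, &n, &overflow, src[i++]);
    }
    /* Exponent: e/E, optional sign, then at least one digit.  */
    if (src[i] == 'e' || src[i] == 'E') {
        size_t j = i + 1;
        if (src[j] == '+' || src[j] == '-')
            j++;
        if (isdigit((unsigned char)src[j])) {
            while (i < j)
                keep_char(out, &n, &overflow, src[i++]);
            while (isdigit((unsigned char)src[i]))
                keep_char(out, &n, &overflow, src[i++]);
        }
    }
    /* Type suffix (guard against strchr matching the terminating NUL).  */
    if (src[i] && strchr("fFdDlL", src[i]))
        keep_char(out, &n, &overflow, src[i++]);

    *consumed = i;
    return overflow ? LEX_TOKEN_TOO_LONG : LEX_OK;
}

/* Single-value wrappers around the scanner.  */
int literal_status(const char *src)
{
    char buf[MAX_TOKEN_LEN];
    size_t used;
    return (int)lex_numeric_literal(src, buf, &used);
}

size_t literal_consumed(const char *src)
{
    char buf[MAX_TOKEN_LEN];
    size_t used;
    lex_numeric_literal(src, buf, &used);
    return used;
}

size_t literal_kept(const char *src)
{
    char buf[MAX_TOKEN_LEN];
    size_t used;
    lex_numeric_literal(src, buf, &used);
    return strlen(buf);
}

/* Constructed input (not from the Jacks suite): "0." followed by `nines`
   nines, which exceeds the buffer once nines >= MAX_TOKEN_LEN - 1.  */
static char *make_long_literal(size_t nines)
{
    char *s = malloc(nines + 3);
    if (!s)
        return NULL;
    s[0] = '0';
    s[1] = '.';
    memset(s + 2, '9', nines);
    s[nines + 2] = '\0';
    return s;
}

int long_literal_status(size_t nines)
{
    char *s = make_long_literal(nines);
    int r = s ? literal_status(s) : -1;
    free(s);
    return r;
}

size_t long_literal_consumed(size_t nines)
{
    char *s = make_long_literal(nines);
    size_t r = s ? literal_consumed(s) : 0;
    free(s);
    return r;
}

size_t long_literal_kept(size_t nines)
{
    char *s = make_long_literal(nines);
    size_t r = s ? literal_kept(s) : 0;
    free(s);
    return r;
}

int main(void)
{
    printf("1.5e10f; -> status %d, consumed %zu, kept %zu\n",
           literal_status("1.5e10f;"), literal_consumed("1.5e10f;"),
           literal_kept("1.5e10f;"));
    printf("0.<300 nines> -> status %d, consumed %zu, kept %zu\n",
           long_literal_status(300), long_literal_consumed(300),
           long_literal_kept(300));
    return 0;
}
```

The design point is that the bound check lives in the one helper that writes to the buffer, so no code path can store past MAX_TOKEN_LEN - 1 characters, and the scanner keeps consuming the over-long literal instead of stopping mid-token; a lexer that silently truncated would otherwise re-lex the leftover digits as a second token and produce confusing follow-on errors rather than the single "literal too large" diagnostic the thread expects.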


* [Bug java/22113] Buffer overflow in the lexical analyser while reading FP literals
  2005-06-18 12:10 [Bug java/22113] New: Buffer overflow in the lexical analyser while reading FP literals rmathew at gcc dot gnu dot org
  2005-08-16 18:47 ` cvs-commit at gcc dot gnu dot org
@ 2005-08-16 18:49 ` rmathew at gcc dot gnu dot org
From: rmathew at gcc dot gnu dot org @ 2005-08-16 18:49 UTC (permalink / raw)
  To: java-prs


------- Additional Comments From rmathew at gcc dot gnu dot org  2005-08-16 18:49 -------
Fix checked in.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED
   Target Milestone|---                         |4.1.0


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22113
