public inbox for java-prs@sourceware.org
help / color / mirror / Atom feed
* [Bug java/22113] New: Buffer overflow in the lexical analyser while reading FP literals
@ 2005-06-18 12:10 rmathew at gcc dot gnu dot org
2005-06-18 12:11 ` [Bug java/22113] " rmathew at gcc dot gnu dot org
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: rmathew at gcc dot gnu dot org @ 2005-06-18 12:10 UTC (permalink / raw)
To: java-prs
There is a buffer overflow error in GCJ while reading in large FP literals, as
shown by Jacks testcase 3.10.2-round-6 (and others). On my machine, this
manifests itself only when "parse.y" or "lex.c" is recompiled at -O0 after a
full bootstrap, like so:
cd $GCC_SRC_DIR/gcc/java
touch parse.y
cd $BUILD_DIR
make BOOT_CFLAGS='-O0 -g3' bubblestrap
Compile the attached testcase before and after this. In my case, it gives
the expected "Floating point literal too large error" only in the former
case.
The array "literal_token" in do_java_lex() in lex.c is 256 characters
long, but the subsequent code merrily overwrites long literals past this
limit. A silly patch to overcome this particular error is:
Index: lex.c
===================================================================
--- lex.c 2005-06-18 17:04:00.000000000 +0530
+++ lex.c 2005-06-18 17:06:14.000000000 +0530
@@ -965,7 +965,7 @@ do_java_lex (YYSTYPE *java_lval)
int parts[TOTAL_PARTS];
HOST_WIDE_INT high, low;
/* End borrowed section. */
- char literal_token [256];
+ char literal_token [512];
int literal_index = 0, radix = 10, long_suffix = 0, overflow = 0, bytes;
int found_hex_digits = 0, found_non_octal_digits = -1;
int i;
But of course this won't do. We need to have a better fix for
this issue. I'm filing this bug so that we don't lose track of
this issue.
--
Summary: Buffer overflow in the lexical analyser while reading FP
literals
Product: gcc
Version: 4.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: java
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: rmathew at gcc dot gnu dot org
CC: gcc-bugs at gcc dot gnu dot org,java-prs at gcc dot gnu
dot org
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22113
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug java/22113] Buffer overflow in the lexical analyser while reading FP literals
2005-06-18 12:10 [Bug java/22113] New: Buffer overflow in the lexical analyser while reading FP literals rmathew at gcc dot gnu dot org
@ 2005-06-18 12:11 ` rmathew at gcc dot gnu dot org
2005-08-14 15:16 ` rmathew at gcc dot gnu dot org
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: rmathew at gcc dot gnu dot org @ 2005-06-18 12:11 UTC (permalink / raw)
To: java-prs
------- Additional Comments From rmathew at gcc dot gnu dot org 2005-06-18 12:11 -------
Created an attachment (id=9107)
--> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=9107&action=view)
Jacks testcase 3.10.2-round-6 that demonstrates this problem.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22113
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug java/22113] Buffer overflow in the lexical analyser while reading FP literals
2005-06-18 12:10 [Bug java/22113] New: Buffer overflow in the lexical analyser while reading FP literals rmathew at gcc dot gnu dot org
2005-06-18 12:11 ` [Bug java/22113] " rmathew at gcc dot gnu dot org
@ 2005-08-14 15:16 ` rmathew at gcc dot gnu dot org
2005-08-16 18:47 ` cvs-commit at gcc dot gnu dot org
2005-08-16 18:49 ` rmathew at gcc dot gnu dot org
3 siblings, 0 replies; 5+ messages in thread
From: rmathew at gcc dot gnu dot org @ 2005-08-14 15:16 UTC (permalink / raw)
To: java-prs
------- Additional Comments From rmathew at gcc dot gnu dot org 2005-08-14 15:16 -------
These days, this bug manifests itself on mainline regularly as:
FAIL: 3.10.2-round-6
in the Jacks testsuite.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Ever Confirmed| |1
Last reconfirmed|0000-00-00 00:00:00 |2005-08-14 15:16:01
date| |
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22113
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug java/22113] Buffer overflow in the lexical analyser while reading FP literals
2005-06-18 12:10 [Bug java/22113] New: Buffer overflow in the lexical analyser while reading FP literals rmathew at gcc dot gnu dot org
2005-06-18 12:11 ` [Bug java/22113] " rmathew at gcc dot gnu dot org
2005-08-14 15:16 ` rmathew at gcc dot gnu dot org
@ 2005-08-16 18:47 ` cvs-commit at gcc dot gnu dot org
2005-08-16 18:49 ` rmathew at gcc dot gnu dot org
3 siblings, 0 replies; 5+ messages in thread
From: cvs-commit at gcc dot gnu dot org @ 2005-08-16 18:47 UTC (permalink / raw)
To: java-prs
------- Additional Comments From cvs-commit at gcc dot gnu dot org 2005-08-16 18:46 -------
Subject: Bug 22113
CVSROOT: /cvs/gcc
Module name: gcc
Changes by: rmathew@gcc.gnu.org 2005-08-16 18:46:19
Modified files:
gcc/java : ChangeLog lex.c
Log message:
PR java/22113
* lex.c (do_java_lex): Define MAX_TOKEN_LEN. Avoid overflowing
`literal_token' for large numeric input tokens.
Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/java/ChangeLog.diff?cvsroot=gcc&r1=1.1657&r2=1.1658
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/java/lex.c.diff?cvsroot=gcc&r1=1.121&r2=1.122
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22113
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug java/22113] Buffer overflow in the lexical analyser while reading FP literals
2005-06-18 12:10 [Bug java/22113] New: Buffer overflow in the lexical analyser while reading FP literals rmathew at gcc dot gnu dot org
` (2 preceding siblings ...)
2005-08-16 18:47 ` cvs-commit at gcc dot gnu dot org
@ 2005-08-16 18:49 ` rmathew at gcc dot gnu dot org
3 siblings, 0 replies; 5+ messages in thread
From: rmathew at gcc dot gnu dot org @ 2005-08-16 18:49 UTC (permalink / raw)
To: java-prs
------- Additional Comments From rmathew at gcc dot gnu dot org 2005-08-16 18:49 -------
Fix checked in.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
Target Milestone|--- |4.1.0
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22113
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2005-08-16 18:49 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2005-06-18 12:10 [Bug java/22113] New: Buffer overflow in the lexical analyser while reading FP literals rmathew at gcc dot gnu dot org
2005-06-18 12:11 ` [Bug java/22113] " rmathew at gcc dot gnu dot org
2005-08-14 15:16 ` rmathew at gcc dot gnu dot org
2005-08-16 18:47 ` cvs-commit at gcc dot gnu dot org
2005-08-16 18:49 ` rmathew at gcc dot gnu dot org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).