Re: [pph] Buffer overrun in preprocessor symbol replay

2011-03-10 Thread Diego Novillo

On 11-03-09 09:01 PM, Lawrence Crowl wrote:


Index: gcc/cp/ChangeLog.pph

2011-03-09  Lawrence Crowl  cr...@google.com

* pph.c (pth_dump_identifiers): Split cpp_idents_used::max_length
into max_ident_length and max_value_length.
(pth_save_identifiers): Likewise.
(pth_load_identifiers): Likewise.

Index: libcpp/ChangeLog.pph

2011-03-09  Lawrence Crowl cr...@google.com

* include/symtab.h (struct cpp_idents_used): Split max_length
into max_ident_len and max_value_len.
* internal.h (struct cpp_lookaside): Split max_length into
max_ident_len and max_value_len.
* symtab.c (cpp_lt_create): Split cpp_lookaside::max_length
into max_ident_len and max_value_len.
* (lt_macro_value): Likewise.
* (lt_lookup): Likewise.
* (cpp_lt_capture): Likewise.  Also split cpp_idents_used::max_length
into max_ident_len and max_value_len.
* (cpp_lt_replay): Split cpp_idents_used::max_length into
max_ident_len and max_value_len.  Allocate a buffer with the sum.


OK with minor nit.


unsigned int num_entries, id;

num_entries = identifiers-num_entries;
!   pph_output_uint (stream, identifiers-max_ident_len);
!   pph_output_uint (stream, identifiers-max_value_len);
pph_output_uint (stream, num_entries);

for ( id = 0; id  num_entries; ++id )


Extra space around '(' and ')' (this was there already, but I just noticed it).

Thanks for the quick fix!  Were these the 3-4 ICEs I had noticed in pth.exp?


Diego.


[pph] Buffer overrun in preprocessor symbol replay

2011-03-09 Thread Lawrence Crowl
In my last PPH change, I eliminated the redundancy in the preprocessor
identifier lookaside table by removing the name of the identifier from
the head of the macro value.  This later led to a buffer overrun in
libcpp/symtab.c cpp_lt_replay.  The buffer was allocated based on the
value string size, which was no longer large enough to hold the
definition string.

Split cpp_idents_used::max_length and cpp_lookaside::max_length into
max_ident_len and max_value_len.  In cpp_lt_replay, allocate the
buffer based on the sum of max_ident_len and max_value_len.

-- 
Lawrence Crowl


src.change
Description: Binary data
Index: gcc/cp/pph.c
===
*** gcc/cp/pph.c	(revision 170837)
--- gcc/cp/pph.c	(working copy)
*** pth_dump_identifiers (FILE *stream, cpp_
*** 502,509 
  {
unsigned int idx, col = 1;
  
!   fprintf (stream, %u identifiers up to %u chars\n,
!identifiers-num_entries, identifiers-max_length);
for (idx = 0; idx  identifiers-num_entries; ++idx)
  {
cpp_ident_use *ident = identifiers-entries + idx;
--- 502,510 
  {
unsigned int idx, col = 1;
  
!   fprintf (stream, %u identifiers up to %u chars, vals to %u chars\n,
!identifiers-num_entries, identifiers-max_ident_len,
!identifiers-max_value_len);
for (idx = 0; idx  identifiers-num_entries; ++idx)
  {
cpp_ident_use *ident = identifiers-entries + idx;
*** pth_save_identifiers (cpp_idents_used *i
*** 793,814 
unsigned int num_entries, id;
  
num_entries = identifiers-num_entries;
!   pph_output_uint (stream, identifiers-max_length);
pph_output_uint (stream, num_entries);
  
for ( id = 0; id  num_entries; ++id )
  {
cpp_ident_use *entry = identifiers-entries + id;
  
!   gcc_assert (entry-ident_len = identifiers-max_length);
pph_output_string_with_length (stream, entry-ident_str,
   entry-ident_len);
  
!   gcc_assert (entry-before_len = identifiers-max_length);
pph_output_string_with_length (stream, entry-before_str,
   entry-before_len);
  
!   gcc_assert (entry-after_len = identifiers-max_length);
pph_output_string_with_length (stream, entry-after_str,
   entry-after_len);
  }
--- 794,816 
unsigned int num_entries, id;
  
num_entries = identifiers-num_entries;
!   pph_output_uint (stream, identifiers-max_ident_len);
!   pph_output_uint (stream, identifiers-max_value_len);
pph_output_uint (stream, num_entries);
  
for ( id = 0; id  num_entries; ++id )
  {
cpp_ident_use *entry = identifiers-entries + id;
  
!   gcc_assert (entry-ident_len = identifiers-max_ident_len);
pph_output_string_with_length (stream, entry-ident_str,
   entry-ident_len);
  
!   gcc_assert (entry-before_len = identifiers-max_value_len);
pph_output_string_with_length (stream, entry-before_str,
   entry-before_len);
  
!   gcc_assert (entry-after_len = identifiers-max_value_len);
pph_output_string_with_length (stream, entry-after_str,
   entry-after_len);
  }
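Review bot: The three gcc_assert lines on the new side are the only place the invariant behind the two new maxima is stated, and nothing says why it must hold; per the description, cpp_lt_replay sizes its buffer from max_ident_len + max_value_len, so an entry exceeding either bound is exactly the overrun this change fixes. A comment above the loop, `/* cpp_lt_replay sizes its buffer from max_ident_len + max_value_len; every entry must stay within those bounds.  */`, would tie the checks to the reason they exist. pth_save_identifiers's body continues past the hunk.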
*** static void
*** 1025,1035 
  pth_load_identifiers (cpp_idents_used *identifiers, pph_stream *stream)
  {
unsigned int j;
!   unsigned int max_length, num_entries;
unsigned int ident_len, before_len, after_len;
  
!   max_length = pph_input_uint (stream);
!   identifiers-max_length = max_length;
num_entries = pph_input_uint (stream);
identifiers-num_entries = num_entries;
identifiers-entries = XCNEWVEC (cpp_ident_use, num_entries);
--- 1027,1039 
  pth_load_identifiers (cpp_idents_used *identifiers, pph_stream *stream)
  {
unsigned int j;
!   unsigned int max_ident_len, max_value_len, num_entries;
unsigned int ident_len, before_len, after_len;
  
!   max_ident_len = pph_input_uint (stream);
!   identifiers-max_ident_len = max_ident_len;
!   max_value_len = pph_input_uint (stream);
!   identifiers-max_value_len = max_value_len;
num_entries = pph_input_uint (stream);
identifiers-num_entries = num_entries;
identifiers-entries = XCNEWVEC (cpp_ident_use, num_entries);
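Review bot: The loader stores max_ident_len and max_value_len straight from the stream into `identifiers` without any check, and a PPH file is external input; per the description, cpp_lt_replay allocates from the sum of these two unsigned ints, so a corrupt or hostile file can supply values whose sum wraps, or maxima smaller than the entries that follow, and the replay buffer ends up undersized again. The per-entry reads are past the end of this hunk, so I cannot see whether each ident_len, before_len and after_len is compared against the loaded maxima the way pth_save_identifiers asserts them on the write side; since a release build drops gcc_assert, the loader should reject such an entry with an explicit error rather than an assert, e.g. `if (ident_len > max_ident_len || before_len > max_value_len || after_len > max_value_len) /* report corrupt PPH file */`. It would also be worth rejecting a num_entries or sum of maxima large enough to overflow the XCNEWVEC allocation. pth_load_identifiers's body continues outside the hunk.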
Index: libcpp/symtab.c
===
*** libcpp/symtab.c	(revision 170837)
--- libcpp/symtab.c	(working copy)
*** cpp_lt_create (unsigned int order, unsig
*** 411,417 
table-sticky_order = order;
table-active = 0;
  
!   table-max_length = 0;
table-strings = XCNEW (struct obstack);
/* Strings need no alignment.  */
_obstack_begin (table-strings, 0, 0,
--- 411,418 
table-sticky_order = order;
table-active = 0;
  
!   table-max_ident_len = 0;
!   table-max_value_len = 0;
table-strings = XCNEW (struct obstack);
/* Strings need no alignment.  */
_obstack_begin (table-strings, 0, 0,
*** lt_macro_value (const char** string, cpp
*** 556,563