Alexey Froloff wrote:

> /* My free translation of
>  * https://bugzilla.altlinux.org/show_bug.cgi?id=10911 */
>
> i586-alt-linux-gcc (GCC) 4.1.1 20070105 (ALT Linux, build
> 4.1.1-alt11)
> glibc 2.5 (glibc-2_5-branch snapshot 20070112)
>
> Vim built with CFLAGS containing -fstack-protector (turned on by
> default in gcc).
>
> All Vim flavors die when trying to execute example from ":help
> self":
>
> :function Mylen() dict
> :   return len(self.data)
> :endfunction
> :let mydict = {'data': [0, 1, 2, 3], 'len': function("Mylen")}
> :echo mydict.len()
>
> #0 0x00002aaaacd333a5 in raise () from /lib64/libc.so.6
> #1 0x00002aaaacd34730 in abort () from /lib64/libc.so.6
> #2 0x00002aaaacd68ebb in __fsetlocking () from /lib64/libc.so.6
> #3 0x00002aaaacdd04ff in __chk_fail () from /lib64/libc.so.6
> #4 0x0000000000457a64 in call_func (name=0x857e90 "Mylen", len=Variable "len" is not available.) at eval.c:19832
> #5 0x000000000045a8dc in get_func_tv (name=0x857e90 "Mylen", len=5, rettv=0x7fff452d7cd0, arg=0x7fff452d7ce8, firstline=494,
>     lastline=494, doesrange=0x7fff452d77fc, evaluate=1, selfdict=0x921410) at eval.c:7411
> [...]
>
> There's a compiler warning while building vim:
>
> eval.c: In function 'call_func':
> eval.c:19832: warning: call to __builtin___strcpy_chk will always overflow
> destination buffer
>
> Situation is: dictitem_T declared as:
>
> /*
>  * Structure to hold an item of a Dictionary.
>  * Also used for a variable.
>  * The key is copied into "di_key" to avoid an extra alloc/free for it.
>  */
> struct dictitem_S
> {
>     typval_T di_tv;     /* type and value of the variable */
>     char_u   di_flags;  /* flags (only used for variable) */
>     char_u   di_key[1]; /* key (actually longer!) */
> };
>
> typedef struct dictitem_S dictitem_T;
>
> eval.c:call_user_func() has code:
>
>     funccall_T fc;
>     dictitem_T *v;
>     char_u *name;
>     ...
>     /* Set l:self to "selfdict".  Use "name" to avoid a warning from
>      * some compiler that checks the destination size. */
>     v = &fc.fixvar[fixvar_idx++].var;
>     name = v->di_key;
>     STRCPY(name, "self");
>
> Using "name" can't help to hide copying to di_key, which is one
> element char array. funccall_S is declared as:
>
> struct funccall_S
> {
>     ...
>     struct /* fixed variables for arguments */
>     {
>         dictitem_T var;                 /* variable (without room for name) */
>         char_u     room[VAR_SHORT_LEN]; /* room for the name */
>     } fixvar[FIXVAR_CNT];
>     ...
> };
>
> So var.di_name will be always overflowed, filling "room".

Which is OK. The compiler is whining.

> OpenSUSE, which also has -fstack-protector turned on by default,
> is using attached patch...
>
> --
> Regards,
> Sir Raorn.
>
> --wzJLGUyc3ArbnUjN
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: attachment; filename="vim-7.0-flex-array.diff"
> Content-Transfer-Encoding: quoted-printable
>
> --- src/structs.h.sav 2007-02-02 11:31:05.000000000 +0100
> +++ src/structs.h 2007-02-02 11:31:14.000000000 +0100
> @@ -1082,7 +1082,7 @@
> {
> typval_T di_tv; /* type and value of the variable */
> char_u di_flags; /* flags (only used for variable) */
> - char_u di_key[1]; /* key (actually longer!) */
> + char_u di_key[]; /* key (actually longer!) */
> };

This won't work for standard C compilers, they will complain about
unknown size for di_key.

The problem is in the compiler, so fix the compiler. Or perhaps there
is a way to silence the compiler?

--
If Apple would build a car...
... it would be powered by the sun, be reliable, five times as fast and twice
as easy to drive; but would only run on five percent of the roads.

 /// Bram Moolenaar -- [EMAIL PROTECTED] -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
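
Review bot: the `+ char_u di_key[];` line turns the last member of dictitem_S into a C99 flexible array member, but the funccall_S declaration quoted above embeds dictitem_T as `var` with `room[VAR_SHORT_LEN]` placed after it. ISO C does not allow a struct ending in a flexible array member to be a member of another struct (GCC accepts it as an extension), and compilers without C99 support reject `[]` outright. The change can also alter sizeof(dictitem_T), so any size or offset computed from sizeof(dictitem_T) plus the key length should be rechecked for the terminating NUL. Suggest making the declaration conditional on compiler support, or keeping `di_key[1]` and changing how call_user_func() forms the destination of the copy instead.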
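
The fixvar layout discussed in this thread, as an added example that is not Vim's code and not from either poster: the name is copied through a pointer derived from the enclosing slot and checked against the slot's real capacity, so a destination-size checker sees the whole slot instead of a one-byte array. `struct item`, `struct slot` and the helper names are simplified, hypothetical stand-ins, and the value of `VAR_SHORT_LEN` is assumed.

```c
#include <stddef.h>
#include <string.h>

#define VAR_SHORT_LEN 20  /* assumed value; the page does not give it */

/* Simplified stand-ins for dictitem_S and one fixvar[] entry. */
struct item {
    int           tv;      /* stand-in for typval_T di_tv */
    unsigned char flags;
    unsigned char key[1];  /* struct hack: key is "actually longer" */
};
struct slot {
    struct item   var;                  /* header, no room for the name */
    unsigned char room[VAR_SHORT_LEN];  /* room for the name */
};

/* Offset of the key inside the enclosing slot. */
#define KEY_OFFSET (offsetof(struct slot, var) + offsetof(struct item, key))

/* Bytes really available for the key: from key[0] to the end of the slot. */
static size_t slot_key_capacity(void)
{
    return sizeof(struct slot) - KEY_OFFSET;
}

/* Read the key through the enclosing object as well. */
static const char *slot_key(const struct slot *s)
{
    return (const char *)s + KEY_OFFSET;
}

/* Copy name (with its NUL) into the slot. Returns 0, or -1 if too long. */
static int slot_set_key(struct slot *s, const char *name)
{
    size_t n = strlen(name) + 1;

    if (n > slot_key_capacity())
        return -1;                      /* would run past room[] */
    /* Destination is derived from the slot, so its object size is the
     * slot's remaining bytes rather than sizeof(key) == 1. */
    memcpy((unsigned char *)s + KEY_OFFSET, name, n);
    return 0;
}

int main(void)
{
    struct slot s;
    return slot_set_key(&s, "self") == 0 && strcmp(slot_key(&s), "self") == 0 ? 0 : 1;
}
```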