We have in c-common.c:

    #define DEF_BUILTIN(ENUM, NAME, CLASS, TYPE, LIBTYPE, BOTH_P, FALLBACK_P, \
                        NONANSI_P, ATTRS, IMPLICIT, COND)                      \
      if (NAME && COND)                                                        \
        def_builtin_1 (ENUM, NAME, CLASS,                                      \
                       builtin_types[(int) TYPE],                              \
                       builtin_types[(int) LIBTYPE],                           \
                       BOTH_P, FALLBACK_P, NONANSI_P,                          \
                       built_in_attributes[(int) ATTRS], IMPLICIT);

and in builtins.def

    #define DEF_GCC_BUILTIN(ENUM, NAME, TYPE, ATTRS)                       \
      DEF_BUILTIN (ENUM, "__builtin_" NAME, BUILT_IN_NORMAL, TYPE, BT_LAST, \
                   false, false, false, ATTRS, true, true)

so this line in builtins.def

    DEF_GCC_BUILTIN (BUILT_IN_HUGE_VAL, "huge_val", BT_FN_DOUBLE, ATTR_CONST_NOTHROW_LIST)

expands to

    if ("__builtin_" "huge_val" && 1)
      def_builtin_1 (BUILT_IN_HUGE_VAL, "__builtin_" "huge_val", BUILT_IN_NORMAL,
                     builtin_types[(int) BT_FN_DOUBLE],
                     builtin_types[(int) BT_LAST],
                     0, 0, 0,
                     built_in_attributes[(int) ATTR_CONST_NOTHROW_LIST], 1);

but builtin_types is declared in c-common.c as

    tree builtin_types[(int) BT_LAST];

so the access "builtin_types[(int) BT_LAST]" exceeds the array bounds.

-- 
           Summary: Bad array access in DEF_GCC_BUILTIN
           Product: gcc
           Version: 4.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: c
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: falk at debian dot org
                CC: gcc-bugs at gcc dot gnu dot org

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23506
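
The pattern in the report above, reduced to a stand-alone sketch with a bounds-checked lookup in place of the raw subscript. This is an added example, not GCC's code or the fix applied to this bug: the enum values, the `tree` typedef, and the `builtin_type_or_null`, `def_builtin_checked` and `*_CHECKED` names are hypothetical, and treating BT_LAST as "no library type" is an assumption of the sketch.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the names in the report; not GCC's definitions. */
enum builtin_type { BT_VOID, BT_DOUBLE, BT_FN_DOUBLE, BT_LAST };
typedef const char *tree;              /* stand-in for GCC's tree type */

/* Same shape as the declaration quoted in the report: valid indices are
   0 .. BT_LAST - 1, so BT_LAST itself is one element past the end. */
static tree builtin_types[(int) BT_LAST] = { "void", "double", "double (void)" };

/* Hypothetical checked accessor: an index outside the array (including the
   BT_LAST sentinel) yields NULL instead of an out-of-bounds read. */
static tree builtin_type_or_null(int idx)
{
    if (idx < 0 || idx >= (int) BT_LAST)
        return NULL;
    return builtin_types[idx];
}

/* Records the arguments a def_builtin_1-style callee would receive. */
struct builtin_def { const char *name; tree type; tree libtype; };

static struct builtin_def def_builtin_checked(const char *name, int type, int libtype)
{
    struct builtin_def d = { name, builtin_type_or_null(type),
                             builtin_type_or_null(libtype) };
    return d;
}

/* Same two-level macro layering as in the report, but the subscripting
   happens inside the checked accessor rather than in the macro body. */
#define DEF_BUILTIN_CHECKED(NAME, TYPE, LIBTYPE) \
    def_builtin_checked(NAME, (int) TYPE, (int) LIBTYPE)
#define DEF_GCC_BUILTIN_CHECKED(NAME, TYPE) \
    DEF_BUILTIN_CHECKED("__builtin_" NAME, TYPE, BT_LAST)

int main(void)
{
    struct builtin_def d = DEF_GCC_BUILTIN_CHECKED("huge_val", BT_FN_DOUBLE);
    printf("%s: type=%s libtype=%s\n", d.name, d.type,
           d.libtype ? d.libtype : "(none)");
    return 0;
}
```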