On 09/26/14 06:21, Bernd Edlinger wrote:
Comment before this change. Someone not familiar with this code is going to have no idea why these two lines exist.> >Hi, > >this patch fixes PR58893, which is an access to uninitialized memory, which may or may not crash in >linemap_resolve_location, or just print error messages with bogus location. > >When the first -include file is processed we have the case, where >pfile->cur_token == pfile->cur_run->base, this is directly called >by the front end. However in the case of the second -include file, >this is called from _cpp_lex_token -> _cpp_get_fresh_line -> >cpp_push_include, with pfile->cur_token != pfile->cur_run->base, >and pfile->cur_token[-1].src_loc and token not (yet) initialized. >The problem is, when the include file cannot be found, we need >src_loc to be initialized to some safe value: 0 means UNKNOWN_LOCATION. > >Regarding the hunk in cpp_diagnostic, which is not directly involved >in this bug, but it is still obviously wrong: > >The line "src_loc = pfile->cur_run->prev->limit->src_loc" >is probably unreachable, but will crash it is ever executed. > >see: > >_cpp_init_tokenrun (tokenrun *run, unsigned int count) >{ >run->base = XNEWVEC (cpp_token, count); >run->limit = run->base + count; >run->next = NULL; >} > >so, limit points at the end of the run. > > >Boot-Strapped and Regression-tested on x86_64-linux-gnu >Ok for trunk? > > >Thanks >Bernd. >changelog-pr58893.txt 2014-09-26 Bernd Edlinger<bernd.edlin...@hotmail.de> PR preprocessor/58893 * errors.c (cpp_diagnostic): Fix possible out of bounds access. * files.c (_cpp_stack_include): Initialize src_loc for IT_CMDLINE. patch-pr58893.diff --- libcpp/errors.c 2014-01-02 23:24:45.000000000 +0100 +++ libcpp/errors.c 2014-09-24 10:30:33.708048505 +0200 @@ -48,10 +48,7 @@ cpp_diagnostic (cpp_reader * pfile, int current run -- that is invalid. */ else if (pfile->cur_token == pfile->cur_run->base) { - if (pfile->cur_run->prev != NULL) - src_loc = pfile->cur_run->prev->limit->src_loc; - else - src_loc = 0; + src_loc = 0; } else { --- libcpp/files.c 2014-05-21 20:54:12.000000000 +0200 +++ libcpp/files.c 2014-09-24 10:35:47.191117490 +0200 @@ -991,6 +991,9 @@ _cpp_stack_include (cpp_reader *pfile, c _cpp_file *file; bool stacked; + if (type == IT_CMDLINE && pfile->cur_token != pfile->cur_run->base) + pfile->cur_token[-1].src_loc = 0;
Please try to include a testcase. If you're having trouble reproducing on the trunk, you could use MALLOC_PERTURB per c#8 in the bug report. If there's a way to set environment variables in our testing framework that may be a reasonable way to test (if you need to do that, limit testing to linux targets as we'll have a dependency on glibc features).
jeff
