author | Zack Weinberg <zack@gcc.gnu.org> | 2002-09-28 00:30:37 +0000 |
---|---|---|
committer | Zack Weinberg <zack@gcc.gnu.org> | 2002-09-28 00:30:37 +0000 |
commit | 57147be1b61543b6ae26836c03f7138e3121ecfe (patch) | |
tree | e9272d171d25a90ccbdb45733b655a0414aae29c /gcc | |
parent | b1af5a30a54316b085b979805a6bced0ff93a7b1 (diff) | |
re PR preprocessor/8055 (PATCH: cpp0 dies with SIG11 when building FreeBSD kernel)
2002-09-27 Alexander N. Kabaev <ak03@gte.com>
PR preprocessor/8055
* cppmacro.c (stringify_arg): Do not overflow the buffer
with the terminating NUL when the argument to be stringified
has no tokens.
* testsuite/gcc.dg/cpp/20020927-1.c: New.
From-SVN: r57599
Diffstat (limited to 'gcc')
-rw-r--r-- | gcc/ChangeLog | 21 | ||||
-rw-r--r-- | gcc/cppmacro.c | 6 | ||||
-rw-r--r-- | gcc/testsuite/ChangeLog | 10 | ||||
-rw-r--r-- | gcc/testsuite/gcc.dg/cpp/20020927-1.c | 91 |
4 files changed, 118 insertions, 10 deletions
diff --git a/gcc/ChangeLog b/gcc/ChangeLog index c354cf9..2af02d4 100644 --- a/gcc/ChangeLog +++ b/gcc/ChangeLog @@ -1,3 +1,10 @@ +2002-09-27 Alexander N. Kabaev <ak03@gte.com> + + PR preprocessor/8055 + * cppmacro.c (stringify_arg): Do not overflow the buffer + with the terminating NUL when the argument to be stringified + has no tokens. + 2002-09-27 Richard Henderson <rth@redhat.com> * unroll.c (simplify_cmp_and_jump_insns): New. @@ -74,7 +81,7 @@ * dbxout.c (FORCE_TEXT): Switch to current_function_decl, not text_section. - * xcoffout.h (DBX_STATIC_BLOCK_START): Remove explicit change to + * xcoffout.h (DBX_STATIC_BLOCK_START): Remove explicit change to text section. * config/rs6000/rs6000.c (rs6000_override_options): Allow function-sections and data-sections functionality on AIX. @@ -143,12 +150,12 @@ 2002-09-24 Eric Christopher <echristo@redhat.com> - * config/mips/elf.h: Add HANDLE_SYSV_PRAGMA. - * config/mips/elf64.h: Ditto. + * config/mips/elf.h: Add HANDLE_SYSV_PRAGMA. + * config/mips/elf64.h: Ditto. 2002-09-24 Eric Christopher <echristo@redhat.com> - * except.c (expand_builtin_extract_return_address): Handle case + * except.c (expand_builtin_extract_return_address): Handle case where Pmode != ptr_mode. 2002-09-26 Steve Ellcey <sje@cup.hp.com> @@ -224,11 +231,11 @@ 2002-09-24 Adam Nemet <anemet@lnxw.com> - * config/arm/arm.c (thumb_unexpanded_epilogue): Don't generate - epilogue for naked functions. + * config/arm/arm.c (thumb_unexpanded_epilogue): Don't generate + epilogue for naked functions. 2002-09-24 Adam Nemet <anemet@lnxw.com> - Nick Clifton <nickc@redhat.com> + Nick Clifton <nickc@redhat.com> * config/arm/arm.h (THUMB_FUNCTION_PROFILER): Remove. (FUNCTION_PROFILER): Only invoke THUMB_FUNCTION_PROFILER if it diff --git a/gcc/cppmacro.c b/gcc/cppmacro.c index b8fb792..113b20d 100644 --- a/gcc/cppmacro.c +++ b/gcc/cppmacro.c 
@@ -409,6 +409,12 @@ stringify_arg (pfile, arg) } /* Commit the memory, including NUL, and return the token. */ + if ((size_t) (BUFF_LIMIT (pfile->u_buff) - dest) < 1) + { + size_t len_so_far = dest - BUFF_FRONT (pfile->u_buff); + _cpp_extend_buff (pfile, &pfile->u_buff, 1); + dest = BUFF_FRONT (pfile->u_buff) + len_so_far; + } len = dest - BUFF_FRONT (pfile->u_buff); BUFF_FRONT (pfile->u_buff) = dest + 1; return new_string_token (pfile, dest - len, len); diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog index d211f1b..b5bea3d 100644 --- a/gcc/testsuite/ChangeLog +++ b/gcc/testsuite/ChangeLog @@ -1,3 +1,7 @@ +2002-09-27 Zack Weinberg <zack@codesourcery.com> + + * gcc.dg/cpp/20020927-1.c: New. + 2002-09-26 David S. Miller <davem@redhat.com> * gcc.c-torture/compile/trunctfdf.c: New. @@ -98,7 +102,7 @@ Tue Sep 17 13:59:45 2002 Nicola Pero <n.pero@mi.flashnet.it> * objc.dg/comp-types-3.m: New test. * objc.dg/comp-types-4.m: New test. * objc.dg/comp-types-5.m: New test. - * objc.dg/comp-types-6.m: New test. + * objc.dg/comp-types-6.m: New test. 2002-09-17 John David Anglin <dave@hiauly1.hia.nrc.ca> @@ -107,9 +111,9 @@ Tue Sep 17 13:59:45 2002 Nicola Pero <n.pero@mi.flashnet.it> 2002-09-16 Nathan Sidwell <nathan@codesourcery.com> * g++.dg/other/do1.C: New test. - + * g++.dg/template/subst1.C: New test. - + 2002-09-16 Steve Ellcey <sje@cup.hp.com> * gcc.dg/20020312-2.c: Change __parisc__ to __hppa__. diff --git a/gcc/testsuite/gcc.dg/cpp/20020927-1.c b/gcc/testsuite/gcc.dg/cpp/20020927-1.c new file mode 100644 index 0000000..91f8951 --- /dev/null +++ b/gcc/testsuite/gcc.dg/cpp/20020927-1.c 
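Review bot: The added capacity check in stringify_arg sits under the existing comment `/* Commit the memory, including NUL, and return the token. */`, which describes the three statements after the new block, so nothing at the `if` explains why a one-byte shortfall can occur. The commit message says this is the case where the argument has no tokens; a comment on the check such as `/* Ensure room for the terminating NUL; an argument with no tokens can arrive here with the buffer already full. */` would keep the guard from later being removed as redundant. The store of the NUL itself is not visible in this hunk (presumably it happens in new_string_token), so it would help to name where that byte is written once confirmed. The extend-and-rebase sequence (`len_so_far`, `_cpp_extend_buff`, recompute `dest`) looks like a pattern the function may already use earlier; if so, a small static helper would avoid two copies drifting apart. The body of stringify_arg starts outside the hunk.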
@@ -0,0 +1,91 @@
+/* Test case for buffer overflow bug in token stringification.
+ See PR preprocessor/8055 for details.
+ Reported by Alexander N. Kabaev <ak03@gte.com>.
+ Test case written by Zack Weinberg <zack@codesourcery.com>. */
+
+/* { dg-do preprocess } */
+
+#define S(x) #x
+
+/* Fill up one internal buffer with data. */
+S(1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 12345678901234567890123456789012345678901234567890123456789012345)
+
+/* When stringify_arg() was called with an empty macro argument, it would
+ advance the buffer pointer by one but fail to check for running past the
+ end of the buffer. We can only know where the end of the buffer is to
+ within about eight bytes, so do this sixteen times to be sure of hitting
+ it. */
+
+S()
+S()
+S()
+S()
+S()
+S()
+S()
+S()
+S()
+S()
+S()
+S()
+S()
+S()
+S()
+S()
+
+/* Now allocate more memory in the buffer, which should provoke a crash. */
+
+S(abcdefghijklmnopqrstuvwxyz)
+S(abcdefghijklmnopqrstuvwxyz) |
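Review bot: The regression test depends on the size of the preprocessor's internal buffer, which the fill payload in the first `S(...)` call encodes implicitly, and nothing in the file records which size it was tuned for. If that allocation size changes, the sixteen `S()` calls may no longer land on the end of the buffer, and the test would then pass without exercising the new check in stringify_arg. A sentence next to `/* Fill up one internal buffer with data. */` stating the assumed buffer size would make that drift visible. Since `dg-do preprocess` only observes a crash, running this case under a memory checker is the more reliable signal that the one-byte overrun is gone.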