aboutsummaryrefslogtreecommitdiff
path: root/gcc
diff options
context:
space:
mode:
Diffstat (limited to 'gcc')
-rw-r--r--gcc/ChangeLog21
-rw-r--r--gcc/cppmacro.c6
-rw-r--r--gcc/testsuite/ChangeLog10
-rw-r--r--gcc/testsuite/gcc.dg/cpp/20020927-1.c91
4 files changed, 118 insertions, 10 deletions
diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index c354cf9..2af02d4 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,10 @@
+2002-09-27 Alexander N. Kabaev <ak03@gte.com>
+
+ PR preprocessor/8055
+ * cppmacro.c (stringify_arg): Do not overflow the buffer
+ with the terminating NUL when the argument to be stringified
+ has no tokens.
+
2002-09-27 Richard Henderson <rth@redhat.com>
* unroll.c (simplify_cmp_and_jump_insns): New.
@@ -74,7 +81,7 @@
* dbxout.c (FORCE_TEXT): Switch to current_function_decl, not
text_section.
- * xcoffout.h (DBX_STATIC_BLOCK_START): Remove explicit change to
+ * xcoffout.h (DBX_STATIC_BLOCK_START): Remove explicit change to
text section.
* config/rs6000/rs6000.c (rs6000_override_options): Allow
function-sections and data-sections functionality on AIX.
@@ -143,12 +150,12 @@
2002-09-24 Eric Christopher <echristo@redhat.com>
- * config/mips/elf.h: Add HANDLE_SYSV_PRAGMA.
- * config/mips/elf64.h: Ditto.
+ * config/mips/elf.h: Add HANDLE_SYSV_PRAGMA.
+ * config/mips/elf64.h: Ditto.
2002-09-24 Eric Christopher <echristo@redhat.com>
- * except.c (expand_builtin_extract_return_address): Handle case
+ * except.c (expand_builtin_extract_return_address): Handle case
where Pmode != ptr_mode.
2002-09-26 Steve Ellcey <sje@cup.hp.com>
@@ -224,11 +231,11 @@
2002-09-24 Adam Nemet <anemet@lnxw.com>
- * config/arm/arm.c (thumb_unexpanded_epilogue): Don't generate
- epilogue for naked functions.
+ * config/arm/arm.c (thumb_unexpanded_epilogue): Don't generate
+ epilogue for naked functions.
2002-09-24 Adam Nemet <anemet@lnxw.com>
- Nick Clifton <nickc@redhat.com>
+ Nick Clifton <nickc@redhat.com>
* config/arm/arm.h (THUMB_FUNCTION_PROFILER): Remove.
(FUNCTION_PROFILER): Only invoke THUMB_FUNCTION_PROFILER if it
diff --git a/gcc/cppmacro.c b/gcc/cppmacro.c
index b8fb792..113b20d 100644
--- a/gcc/cppmacro.c
+++ b/gcc/cppmacro.c
@@ -409,6 +409,12 @@ stringify_arg (pfile, arg)
}
/* Commit the memory, including NUL, and return the token. */
+ if ((size_t) (BUFF_LIMIT (pfile->u_buff) - dest) < 1)
+ {
+ size_t len_so_far = dest - BUFF_FRONT (pfile->u_buff);
+ _cpp_extend_buff (pfile, &pfile->u_buff, 1);
+ dest = BUFF_FRONT (pfile->u_buff) + len_so_far;
+ }
len = dest - BUFF_FRONT (pfile->u_buff);
BUFF_FRONT (pfile->u_buff) = dest + 1;
return new_string_token (pfile, dest - len, len);
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index d211f1b..b5bea3d 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,7 @@
+2002-09-27 Zack Weinberg <zack@codesourcery.com>
+
+ * gcc.dg/cpp/20020927-1.c: New.
+
2002-09-26 David S. Miller <davem@redhat.com>
* gcc.c-torture/compile/trunctfdf.c: New.
@@ -98,7 +102,7 @@ Tue Sep 17 13:59:45 2002 Nicola Pero <n.pero@mi.flashnet.it>
* objc.dg/comp-types-3.m: New test.
* objc.dg/comp-types-4.m: New test.
* objc.dg/comp-types-5.m: New test.
- * objc.dg/comp-types-6.m: New test.
+ * objc.dg/comp-types-6.m: New test.
2002-09-17 John David Anglin <dave@hiauly1.hia.nrc.ca>
@@ -107,9 +111,9 @@ Tue Sep 17 13:59:45 2002 Nicola Pero <n.pero@mi.flashnet.it>
2002-09-16 Nathan Sidwell <nathan@codesourcery.com>
* g++.dg/other/do1.C: New test.
-
+
* g++.dg/template/subst1.C: New test.
-
+
2002-09-16 Steve Ellcey <sje@cup.hp.com>
* gcc.dg/20020312-2.c: Change __parisc__ to __hppa__.
diff --git a/gcc/testsuite/gcc.dg/cpp/20020927-1.c b/gcc/testsuite/gcc.dg/cpp/20020927-1.c
new file mode 100644
index 0000000..91f8951
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/cpp/20020927-1.c
@@ -0,0 +1,91 @@
+/* Test case for buffer overflow bug in token stringification.
+ See PR preprocessor/8055 for details.
+ Reported by Alexander N. Kabaev <ak03@gte.com>.
+ Test case written by Zack Weinberg <zack@codesourcery.com>. */
+
+/* { dg-do preprocess } */
+
+#define S(x) #x
+
+/* Fill up one internal buffer with data. */
+S(1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890
+ 12345678901234567890123456789012345678901234567890123456789012345)
+
+/* When stringify_arg() was called with an empty macro argument, it would
+ advance the buffer pointer by one but fail to check for running past the
+ end of the buffer. We can only know where the end of the buffer is to
+ within about eight bytes, so do this sixteen times to be sure of hitting
+ it. */
+
+S()
+S()
+S()
+S()
+S()
+S()
+S()
+S()
+S()
+S()
+S()
+S()
+S()
+S()
+S()
+S()
+
+/* Now allocate more memory in the buffer, which should provoke a crash. */
+
+S(abcdefghijklmnopqrstuvwxyz)
+S(abcdefghijklmnopqrstuvwxyz)