From: Pascal Cuoq
Subject: [Tinycc-devel] Segmentation fault when using “extern i;” to access homonym variable from inside “for (int i;...”
Date: Thu, 7 Mar 2019 12:56:55 +0000
Hello,
The input below crashes TCC for me on Ubuntu 16.04 on x86-64.
In order to be certain to observe the problem, it can help to temporarily add a debug printf call inside the function elfsym:
$ git diff
diff --git a/tccgen.c b/tccgen.c
index 87ec798..cbc6b09 100644
--- a/tccgen.c
+++ b/tccgen.c
@@ -308,6 +308,7 @@ ST_FUNC ElfSym *elfsym(Sym *s)
{
if (!s || !s->c)
return NULL;
+ printf("s->c %d is about to be used as an offset.\n", s->c);
return &((ElfSym *)symtab_section->data)[s->c];
}
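Review bot: the guard `if (!s || !s->c)` only rejects a zero index, so a negative `s->c` (the -56 and -500004 values reported below) passes straight into the `&((ElfSym *)symtab_section->data)[s->c]` subscript. While this debug printf is in place locally, it would be more useful as a check that fails at the point of misuse, for example refusing (return NULL, or abort under debug) when `s->c < 0` or when `s->c` is at or beyond the number of ElfSym entries the section actually holds, so the bad index surfaces as a clear diagnostic rather than a segmentation fault that only appears once the array is large enough.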
The problematic input is as follows. Note that in this case this is a well-formed compilation unit:
$ cat extern_local.i
int main(void) {
    char a[50];
    for (int i;;) {
        extern i;
        i++;
    }
}
Compiling with the instrumented TCC prints:
$ ./tcc extern_local.i
s->c 26 is about to be used as an offset.
s->c -56 is about to be used as an offset.
s->c 26 is about to be used as an offset.
The value of s->c being used as an offset, it is wrong that it's negative. On my machine, -56 is not enough to cause a crash, but the value of s->c is linked to the size of the unused array a. I can make TCC crash if I use a larger size:
$ cat extern_local.i
int main(void) {
    char a[500000];
    for (int i;;) {
        extern i;
        i++;
    }
}
$ ./tcc extern_local.i
s->c 26 is about to be used as an offset.
s->c -500004 is about to be used as an offset.
Segmentation fault
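The following is an added example, not part of the report above and not TCC's own code. It is a simplified model of the lookup shown in the hunk: one integer field `c` on a symbol is used as an index into the ELF symbol table, and the post's numbers suggest (this is an assumption about TCC internals, not something the post states) that for the local `i` the same field holds a negative stack-frame offset instead. The model places the unchecked lookup next to a checked one that refuses symbols without an ELF index and rejects any index outside the table. All names (`SymModel`, `ElfSymModel`, `SectionModel`, `elfsym_unchecked`, `elfsym_checked`, `lookup_ok`) are invented for this example, and the sample values (26, -56, a 64-entry table) are constructed to mirror the values printed in the report.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model (not TCC's real structures): a symbol's `c` field is
 * an ELF symbol-table index for globals, or (assumed, based on the numbers
 * in the post) a negative stack offset for locals. */
typedef struct { int st_name; int st_value; } ElfSymModel;
typedef struct { int c; int is_global; } SymModel;

/* A symbol-table section: entries plus the number of valid entries. */
typedef struct { ElfSymModel *data; int nsyms; } SectionModel;

/* Unchecked lookup, shaped like the one in the hunk: any non-zero c,
 * including a negative one, becomes the array subscript. */
ElfSymModel *elfsym_unchecked(SectionModel *symtab, SymModel *s)
{
    if (!s || !s->c)
        return NULL;
    return &symtab->data[s->c];   /* out of bounds when c < 0 or c >= nsyms */
}

/* Checked lookup: a symbol whose c is not an ELF index yields NULL, and so
 * does any index outside [1, nsyms), instead of a pointer before or past
 * the table. */
ElfSymModel *elfsym_checked(SectionModel *symtab, SymModel *s)
{
    if (!s || !s->c)
        return NULL;
    if (!s->is_global)            /* c is a stack offset here, not an index */
        return NULL;
    if (s->c < 0 || s->c >= symtab->nsyms)
        return NULL;
    return &symtab->data[s->c];
}

/* Helper for exercising the checked lookup: returns 1 when a symbol with
 * the given c / storage is resolved against a table of nsyms entries
 * (nsyms must not exceed the constructed 1024-entry backing array). */
int lookup_ok(int c, int is_global, int nsyms)
{
    static ElfSymModel table[1024];
    SectionModel symtab = { table, nsyms };
    SymModel s = { c, is_global };
    return elfsym_checked(&symtab, &s) != NULL;
}

int main(void)
{
    /* Constructed cases mirroring the report: 26 is a plausible global
     * index, -56 is the local's c that the unchecked lookup misused. */
    printf("global c=26  -> %s\n", lookup_ok(26, 1, 64) ? "resolved" : "rejected");
    printf("local  c=-56 -> %s\n", lookup_ok(-56, 0, 64) ? "resolved" : "rejected");
    printf("global c=26 in a 10-entry table -> %s\n",
           lookup_ok(26, 1, 10) ? "resolved" : "rejected");
    return 0;
}
```

The contrast is the point: `elfsym_unchecked` trusts the caller to pass only symbols for which `c` is an index, while `elfsym_checked` makes that precondition explicit and bounds-checks the index, so the mix-up between a local's offset and a global's index produces a NULL (and a clear failure) rather than a read at a negative subscript whose distance depends on the size of an unrelated local array.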