
[Tinycc-devel] tccgen.c: off by one in flexible array members

From: Henry Kroll
Subject: [Tinycc-devel] tccgen.c: off by one in flexible array members
Date: Wed, 09 Mar 2016 15:22:03 -0800

Hello, devs. It's been a while since committing a patch. I discovered a
small bug in flexible arrays while playing around with the mob branch.
The bug affects all cross-compilers & platforms since March 18, 2011. I
created a small test.

./tcc -B. -run tests/flexibletest.c

tcc has  bugs

//=== flexibletest.c ==================================
#include <stdio.h>

/* struct with a C99 flexible array member as its last field */
struct w {
    char *data;
    char mem[];
};

int main (void) {
    /* s sits next to q on the stack; the bug clobbers s[0] */
    char s[9] = "no";
    struct w q = {"bugs"};
    printf ("tcc has %s %s\n", s, q.data);
    /* exit status is non-zero when s[0] was overwritten with NUL */
    return !s[0];
}

Git bisect blames this patch. Looking at the sources, it appears to be
an off-by-one error overwriting the first byte of char s[9] in the
above program. The rest of the string is there.
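The size rule the report is about, as an added example (not tcc's code and not part of the original mail): per C99, storage for an object whose flexible array member holds n elements is the member's offset plus n times the element size, and a guard byte placed right after exactly that much storage reveals whether the element writes stay inside it. The struct, function names and the deliberately shortened size in the last function are hypothetical and only mirror the shape of the program above.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical struct mirroring the one in the report: a pointer
 * followed by a C99 flexible array member. */
struct fam_example {
    char *data;
    char mem[];          /* sizeof(struct fam_example) ignores this */
};

/* Storage that must exist for an object whose flexible array holds n
 * elements: offset of the member plus n * element size.  offsetof is
 * used rather than sizeof, since sizeof may include trailing padding
 * that precedes the flexible array. */
size_t fam_storage_size(size_t n)
{
    return offsetof(struct fam_example, mem) + n * sizeof(char);
}

/* Allocate exactly the computed storage plus one guard byte, fill the
 * flexible array with n elements, and report whether the guard
 * survived: 1 = writes stayed in bounds, 0 = overrun, -1 = no memory. */
static int run_guard_check(size_t size, size_t n)
{
    const unsigned char GUARD = 0xA5;
    static char payload[] = "bugs";          /* constructed sample data */
    unsigned char *block = malloc(size + 1); /* guard lives at block[size] */
    if (!block)
        return -1;
    block[size] = GUARD;

    struct fam_example *obj = (struct fam_example *)block;
    obj->data = payload;
    memset(obj->mem, 'x', n);                /* writes exactly n elements */

    int intact = (block[size] == GUARD);
    free(block);
    return intact;
}

/* Correct size: n element writes never reach the guard. */
int fam_guard_check(size_t n)
{
    return run_guard_check(fam_storage_size(n), n);
}

/* Size short by one byte, as in the report: the last element write
 * lands on the guard, so the check returns 0.  (The write still stays
 * inside the malloc'd block, it is the guard byte that gets hit.) */
int fam_guard_check_short_by_one(size_t n)
{
    if (n == 0)
        return -1;
    return run_guard_check(fam_storage_size(n) - 1, n);
}

int main(void)
{
    printf("storage for 4 elements: %zu bytes\n", fam_storage_size(4));
    printf("correct size, guard intact: %d\n", fam_guard_check(4));
    printf("size short by one, guard intact: %d\n",
           fam_guard_check_short_by_one(4));
    return 0;
}
```

The guard-byte check is the same idea the test program uses with the neighbouring `s[9]`, except that here the neighbour is placed deterministically after the computed storage instead of relying on stack layout, so it works on any compiler.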

commit 17571298f30bf204fafe9cf1aca5258d2d087d63
Author: Joe Soroka <address@hidden>
Date:   Fri Mar 18 17:50:42 2011 -0700

    handle c99 flexible array members less hackily

I created a + 1 patch that seems to work, but I need to run more tests
before committing.

diff --git a/tccgen.c b/tccgen.c
index 3cd28ed..270d11c 100644
--- a/tccgen.c
+++ b/tccgen.c
@@ -5847,7 +5847,7 @@ static void decl_initializer_alloc(CType *type,
AttributeDef *ad, int r,
             tcc_error("unknown type size");
     if (flexible_array)
-        size += flexible_array->type.ref->c *
+        size += flexible_array->type.ref->c *
pointed_size(&flexible_array->type) + 1;
     /* take into account specified alignment if bigger */
     if (ad->a.aligned) {
         if (ad->a.aligned > align)
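Review bot: the `+ 1` on the `+` line pads every flexible-array allocation by one byte unconditionally, which hides the overrun seen in the test rather than locating it; nothing in the hunk says why `flexible_array->type.ref->c * pointed_size(&flexible_array->type)` comes up one short (an element count `c` computed one too low for this initializer, or a store path that writes one past the count), and the fix belongs at whichever computation is wrong, with a comment at this line if an extra byte is genuinely required. Also, as pasted the `-` line has lost its continuation (`pointed_size(&flexible_array->type)` appears only once, after the `+` line), so the hunk will not apply with `git apply`; sending it via `git format-patch` as an attachment avoids the mail wrapping. Adding tests/flexibletest.c from the report to the test suite would give a regression test for the corrected computation.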

Have a great day!

Insert witty quote here.
Henry Kroll <address@hidden>
