Re: [Tinycc-devel] Crash report for [mob:3054a76]
From: Michael Matz
Subject: Re: [Tinycc-devel] Crash report for [mob:3054a76]
Date: Fri, 11 Nov 2016 15:01:57 +0100 (CET)
User-agent: Alpine 2.20 (LSU 67 2015-01-07)
Hi,
On Thu, 10 Nov 2016, Steffen Nurpmeso wrote:
> Hallo.
>
> |The attached diff fixes the issue for me.
>
> One more.
diff --git a/tccgen.c b/tccgen.c
index fdd8654..00a26c5 100644
--- a/tccgen.c
+++ b/tccgen.c
@@ -6523,11 +6523,13 @@ static void gen_inline_functions(TCCState *s)
sym->r = VT_SYM | VT_CONST;
sym->type.t &= ~VT_INLINE;
+ s->inline_fns[i] = NULL;
begin_macro(&fn->func_str, 0);
next();
cur_text_section = text_section;
gen_function(sym);
end_macro();
+ s->inline_fns[i] = fn;
inline_generated = 1;
}
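Review bot: The temporary `s->inline_fns[i] = NULL;` before `begin_macro()` and the restore `s->inline_fns[i] = fn;` after `end_macro()` carry no comment naming the code that is expected to read the slot in between. Please add that comment (which reader of `inline_fns` runs during `gen_function(sym)`) or drop the pair; as written, any path that leaves this block between the two assignments would also leave the slot NULL and `fn` no longer reachable through the array.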
@@ -6544,7 +6546,7 @@ ST_FUNC void free_inline_functions(TCCState *s)
/* free tokens of unused inline functions */
for (i = 0; i < s->nb_inline_fns; ++i) {
struct InlineFunc *fn = s->inline_fns[i];
- if (fn->sym)
+ if (fn != NULL && fn->sym != NULL)
tok_str_free(fn->func_str.str);
}
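Review bot: In the `free_inline_functions` loop the new `fn != NULL` test silently skips a NULL slot, so `tok_str_free(fn->func_str.str)` is never called for that entry. If NULL is only the transient state set around `gen_function(sym)` in the previous hunk, say so in the comment above the loop; if a slot can really still be NULL at this point, the skipped entry needs its tokens freed some other way.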
What is this supposed to achieve? It can only make a difference if
free_inline_function could be called from the code inside the
NULLing/reset sequence, which is not the case.
The other hunks:
@@ -6695,14 +6697,15 @@ static int decl0(int l, int is_for_loop_init)
(VT_INLINE | VT_STATIC)) {
int block_level;
struct InlineFunc *fn;
+ size_t fnl;
const char *filename;
-
- filename = file ? file->filename : "";
- fn = tcc_malloc(sizeof *fn + strlen(filename));
- strcpy(fn->filename, filename);
+
+ fnl = strlen(filename = file ? file->filename : "") +1;
+ fn = tcc_malloc(sizeof *fn + fnl);
+ memcpy(fn->filename, filename, fnl);
fn->sym = sym;
tok_str_new(&fn->func_str);
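Review bot: `fnl = strlen(filename = file ? file->filename : "") +1;` hides the assignment to `filename` inside the `strlen` argument; keeping the original `filename = file ? file->filename : "";` statement and computing the length on its own line would read better. The hunk also grows the allocation from `sizeof *fn + strlen(filename)` by one byte without a comment on why the old size was too small, and the `-`/`+` pair of empty lines looks like a whitespace-only change that should be left out of the patch.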
and:
@@ -1549,8 +1549,13 @@ static CachedInclude
*search_cached_include(TCCState
*s1, const char *filename,
if (!add)
return NULL;
- e = tcc_malloc(sizeof(CachedInclude) + strlen(filename));
- strcpy(e->filename, filename);
+ /* C99 */{
+ size_t j;
+
+ j = strlen(filename) +1;
+ e = tcc_malloc(sizeof(CachedInclude) + j);
+ memcpy(e->filename, filename, j);
+ }
e->ifndef_macro = e->once = 0;
dynarray_add((void ***)&s1->cached_includes, &s1->nb_cached_includes,e);
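Review bot: The `/* C99 */{ ... }` block opens a new scope only to declare `j`; declare the length with the function's other locals and give it a descriptive name instead of `j`. As in the `decl0` hunk, the allocation grows by one byte compared with `sizeof(CachedInclude) + strlen(filename)` and nothing in the change says what required it.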
are similar to the first hunk of your last patch. structs CachedInclude
and InlineFunc are both ending with a char[1] member and hence include the
size for a string terminator already.
Ciao,
Michael.
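
The size arithmetic behind the last paragraph, as an added example that is not part of the original message or of tinycc's code: `struct named_entry` and all function names are hypothetical stand-ins for a struct that ends in a `char[1]` member.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the structs discussed above: the last member
   is char[1], so sizeof already counts one byte of the name (the NUL). */
struct named_entry {
    int once;
    char filename[1];
};

/* Bytes actually required to store `len` characters plus the terminator. */
static size_t bytes_required(size_t len)
{
    return offsetof(struct named_entry, filename) + len + 1;
}

/* Bytes requested by the original idiom: sizeof(struct) + strlen(name). */
static size_t bytes_requested(size_t len)
{
    return sizeof(struct named_entry) + len;
}

/* Allocate with the original idiom and copy the name including its NUL. */
static struct named_entry *entry_new(const char *filename)
{
    size_t len = strlen(filename);
    struct named_entry *e = malloc(bytes_requested(len));
    if (e == NULL)
        return NULL;
    e->once = 0;
    /* Address the tail through the allocation, not the 1-byte array type. */
    memcpy((char *)e + offsetof(struct named_entry, filename),
           filename, len + 1);
    return e;
}

/* Returns 1 if the idiom leaves room for every length in [0, max_len]. */
static int idiom_is_safe(size_t max_len)
{
    size_t len;
    for (len = 0; len <= max_len; len++)
        if (bytes_requested(len) < bytes_required(len))
            return 0;
    return 1;
}
```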