bug-gnucobol
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-GnuCOBOL] [GnuCOBOL 3.0-rc1] testsuite: 655 failed, 787 passed unex

From: TAG
Subject: [Bug-GnuCOBOL] [GnuCOBOL 3.0-rc1] testsuite: 655 failed, 787 passed unexpectedly, and fix for problems
Date: Tue, 22 Jan 2019 14:32:36 -0700
the 655 fail was reported January 1, 2019, this is my fix for the problem.


code change in cobc source code file  codegen.c fixes problem.

not sure if code will work on all C versions, however code should be easy to fix for other versions    
if the multi-redirection is a problem.

following code change in codegen.c  fixed test suite 655 error

changed lines 4532 - 4537 (or about there if other changes have already been made to file)  to have following code,  
    if (f->parent) section was added to fix buffer overrun when n is to large.

code section to change is in “output_initialize_one (struct cb_initialize *p, cb_tree x)”

if (n > 2) {
offset = size - n;
size -= n;
} else {
offset = 0;
}
  
change to:

if (n > 2) {
offset = size - n;
size -= n;
if (f->parent) {           // adjust ’n’   if  ’n’  is to large it will cause a memset buffer overrun
int n1 = 0;
if (f->parent->size < f->offset + offset + n) {
n1 = f->parent->size - f->offset - offset;
if (n1 > 0) {
n = n1;
}
}
}
} else {
offset = 0;
}

——————————

for unexpected pass, of test 787
in testsuite change   at_xfail=yes    to   at_xfail=no   for test 787

——————————




Begin forwarded message:

From: TAG <address@hidden>
Subject: [GnuCOBOL 3.0-rc1] testsuite: 655 failed, 787 passed unexpectedly
Date: January 1, 2019 at 12:14:18 PM MST

gnu-COBOL 3.0-rc1 test  suite  item 655 fail.


traced problem in test 655 to the memset commands that are produced for the report writer RD section, the numbers produced for the memset parameters cause buffer overflow. if a filler is added to increase the line to 132 characters, the computed max line value only increases baby 5 from 108 to 113 instead of 132.

I looks like the number used for the memset to blank to the end of the line in the report heading line is not computed correctly by the C code generator:

the report writer code in test 655

      01  TYPE IS REPORT HEADING.
          05  LINE 2 COLUMN 50  PIC X(16) VALUE 'INVENTORY REPORT'.


produces on line 360 of prog.c of test 655

 memcpy (b_17 + 49, "INVENTORY REPORT", 16);
 memset (b_17 + 49 + 16, 32, 49);

which exceeds the 108 character buffer, it thinks has a buffer of 115 characters.

When the report herding is changed to:
 ( the second 05 level line added to give a 132 character line length)

      01  TYPE IS REPORT HEADING.
          05  LINE 2 COLUMN 50  PIC X(16) VALUE 'INVENTORY REPORT'.
          05  LINE 2 COLUMN 132 PIC X VALUE " ".


then the code produced is:

 memcpy (b_17 + 49, "INVENTORY REPORT", 16);
 memset (b_17 + 49 + 16, 32, 116);
 memset (b_17 + 131, 32, 1);

and the second memset exceeds the 132 character buffer, it thinks it has a buffer of 182 characters




attached is the testsuite  log.


Attachment: testsuite.log
Description: Binary data


reply via email to
[Prev in Thread] Current Thread [Next in Thread]