Re: Re : bug in gawk-3.1.0
From: Hans-Bernhard Broeker
Subject: Re: Re : bug in gawk-3.1.0
Date: 13 Jun 2002 09:35:43 GMT
Olatunji Oluwabukunmi Ruwase <address@hidden> wrote:
> Hi,
> I do apologize if this happens to be an old and fixed bug, but I searched
> in vain for a list of reported/fixed bugs for gawk.
> Anyway, I'm working on improving the performance of Richard Jones' bounds
> checking extension to gcc by reducing the slowdown it imposes on code
> compiled with it.
> So while testing the effectiveness of my code on known buffer
> overflow bugs, I decided to work on gawk-3.0.1 and
> came upon this bug in random.c:
> random.c:178: static long randtbl[DEG_3 + 1] = {
> random.c:230: static long *end_ptr = &randtbl[DEG_3 + 1];
> line 230 is clearly an out of range array expression.
No, it's not. But it's a bit tricky to see why. This is perfectly
valid C because of two special exceptions in the language definitions:
1) You're always allowed to create a pointer to the object exactly behind
the end of a given array. I.e., in the case above
randtbl + (DEG_3 + 1)
is a completely valid pointer expression --- you're just not allowed to
*dereference* this pointer. You can do pointer arithmetic with it,
though, and more importantly, it's valid for comparisons with pointers
into randtbl[].
2) &(*(some_pointer)) is specially defined to be equivalent to
some_pointer itself. In particular it does not have the effect
of dereferencing some_pointer.
Combine this with the usual expansion of a[i] as *(a+i), and you get:
&randtbl[DEG_3 + 1]
== &(*(randtbl + (DEG_3 + 1)))
== randtbl + (DEG_3 + 1)
which, by the first special exception, is a legal pointer.
> Interestingly, Richard Jones' extension flagged this at compile time.
It may flag this as a warning. If it flags this construct as an
error, though, that constitutes a bug in his implementation.
--
Hans-Bernhard Broeker (address@hidden)
Even if all the snow were burnt, ashes would remain.