Re: [Tinycc-devel] Crashey code
From: shinichiro . h
Subject: Re: [Tinycc-devel] Crashey code
Date: Sun, 30 Nov 2008 19:45:11 +0900
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (Gojō) APEL/10.7 Emacs/22.2 (x86_64-pc-linux-gnu) MULE/5.0 (SAKAKI)
> The following causes tcc itself to segfault. Yes, it's a bit of a
> mess, but I didn't want to touch it so the problem was reproducible.
I believe the following patch (for tcc-0.9.24) fixes the bug.
*** tcc.c.orig Sun Nov 30 19:38:00 2008
--- tcc.c Sun Nov 30 19:37:48 2008
*************** static void init_putv(CType *type, Secti
*** 8645,8650 ****
--- 8645,8654 ----
/* XXX: generate error if incorrect relocation */
gen_assign_cast(&dtype);
bt = type->t & VT_BTYPE;
+ /* we'll write at most 8 bytes */
+ if (c + 8 > sec->data_allocated) {
+ section_realloc(sec, c + 8);
+ }
ptr = sec->data + c;
/* XXX: make code faster ? */
if (!(type->t & VT_BITFIELD)) {
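Review bot: the new guard in front of `ptr = sec->data + c;` only grows `data_allocated`; `sec->data_offset` is left untouched, so the 8 bytes stored at `c` are not recorded as used and a later `section_ptr_add` can hand out the same range again. If `c` can legitimately lie past `data_offset` here, reserve the bytes with `section_ptr_add` (as the message itself suggests) or raise `data_offset` to at least `c + 8` after the store; if it cannot, the guard hides the real cause (an offset computed past the end of the section) and an error would be more useful than a silent grow. The bare `8` in `c + 8` should also be tied to the widest type `init_putv` actually writes, with the comment saying which one that is, so the two do not drift apart.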
But I'm not sure if this solution is the best. Maybe we need to use
section_ptr_add to move data_offset?
The simplest code to reproduce this bug seems to be
int a[][] = {{1,1,1,1,1,1,1}};
Thanks,
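The data_offset question raised above, worked through as an added example. This is not tcc's code: it is a constructed model of a section whose field names follow the patch (data, data_offset, data_allocated) and whose section_realloc and section_ptr_add are assumed to behave as their names suggest. It stores a value past the current end of the section the way the patch does (grow the allocation only) and the way the message wonders about (also reserve the bytes), then appends more data and checks whether the earlier value survived.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a tcc-style output section. Field names mirror the
 * patch, but the struct and every function here are assumptions made for
 * this example, not tcc's own code. */
typedef struct {
    unsigned char *data;
    size_t data_offset;    /* bytes logically in use; next append goes here */
    size_t data_allocated; /* bytes actually allocated behind `data` */
} Section;

static void section_init(Section *sec, size_t initial)
{
    sec->data = calloc(initial, 1);
    if (!sec->data)
        abort();
    sec->data_offset = 0;
    sec->data_allocated = initial;
}

/* Grow the allocation (doubling) until it holds at least new_size bytes. */
static void section_realloc(Section *sec, size_t new_size)
{
    size_t size = sec->data_allocated ? sec->data_allocated : 1;
    while (size < new_size)
        size *= 2;
    unsigned char *p = realloc(sec->data, size);
    if (!p)
        abort();
    memset(p + sec->data_allocated, 0, size - sec->data_allocated);
    sec->data = p;
    sec->data_allocated = size;
}

/* Reserve `size` bytes at the end of the section and return their offset.
 * In this model it is the only routine that advances data_offset. */
static size_t section_ptr_add(Section *sec, size_t size)
{
    size_t off = sec->data_offset;
    if (off + size > sec->data_allocated)
        section_realloc(sec, off + size);
    sec->data_offset = off + size;
    return off;
}

/* Store 8 bytes at offset c, growing the allocation only. This is what the
 * patch does: the store is in bounds, but data_offset still ends before c. */
static void putv_grow_only(Section *sec, size_t c, uint64_t v)
{
    if (c + 8 > sec->data_allocated)
        section_realloc(sec, c + 8);
    memcpy(sec->data + c, &v, 8);
}

/* Same store, but also mark the bytes as used so later appends land after. */
static void putv_reserve(Section *sec, size_t c, uint64_t v)
{
    if (c + 8 > sec->data_allocated)
        section_realloc(sec, c + 8);
    memcpy(sec->data + c, &v, 8);
    if (c + 8 > sec->data_offset)
        sec->data_offset = c + 8;
}

/* Store a marker past the end of the section with `putv`, then append 24
 * unrelated bytes through section_ptr_add. Returns 1 if the append
 * overwrote the marker, 0 if the marker survived. */
static int append_clobbers(void (*putv)(Section *, size_t, uint64_t))
{
    const uint64_t marker = 0x1122334455667788ULL;
    Section sec;
    section_init(&sec, 16);
    size_t c = section_ptr_add(&sec, 8);  /* offset 0..8 now in use */
    putv(&sec, c + 24, marker);           /* offset 24: past both limits */
    size_t later = section_ptr_add(&sec, 24);
    memset(sec.data + later, 0xAA, 24);   /* a later, unrelated append */
    uint64_t got;
    memcpy(&got, sec.data + c + 24, 8);
    free(sec.data);
    return got != marker;
}
```

With the grow-only store, the second section_ptr_add starts at offset 8 and its 24 bytes run straight over the marker at offset 24, so append_clobbers(putv_grow_only) returns 1; with the reserving store data_offset has already been moved to 32, the append is placed after it, and append_clobbers(putv_reserve) returns 0. That is the difference between a bounds check that merely stops the crash and one that keeps the section's bookkeeping consistent.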