
Re: [Tinycc-devel] tccgen.c: off by one in flexible array members


From: Henry Kroll
Subject: Re: [Tinycc-devel] tccgen.c: off by one in flexible array members
Date: Sat, 12 Mar 2016 15:40:20 -0800

Thanks for looking into this. What made it seem like off-by-one is it
happens whenever s[9] is declared as a multiple of [n*8+1].

|<---struct------------>|<---char s[0] gets overwritten
[b][u][g][s][ ][ ][ ][ ][n][o][ ][ ][ ][ ][ ][ ][ ]

It could be an internal alignment issue with s[9] though, probably
malloc() returning memory aligned in multiples of 8 bytes. Didn't think
of that.

Any number, say 5*8+1 also triggers the bug:

#include <stdio.h>
struct w {
    char *data; char mem[];   /* mem[] is a flexible array member */
};
int main (void) {
    char s[5*8+1]="no";        /* neighbour on the stack, 41 bytes */
    struct w q = {"bugs"};     /* only q.data is initialized, mem[] is not */
    printf ("tcc has %s %s\n", s, q.data);
    return !s[0];              /* non-zero exit if s[0] was overwritten */
}

The flexible array member, mem[], is not being initialized.
Only q.data is.

> One isn't allowed to initialize flex array members, only via malloc and
> assignments.  (But the GCC extension is probably quite prevalent as GCC
> doesn't even warn about it in conformant mode.)
> 
> 
> Ciao,
> Michael.
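As an added example (not code from this thread or from tcc), this is the portable way to populate a flexible array member that Michael's reply points at: allocate on the heap with a size computed from offsetof, so mem[] has real storage and cannot run into a neighbouring stack variable the way s[] did in the report. The helper names w_new, w_alloc_size and w_selftest are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same layout as the struct in the thread. */
struct w {
    char *data;
    char mem[];   /* flexible array member: contributes nothing to sizeof(struct w) */
};

/* Bytes needed for a struct w whose mem[] holds n chars.
 * offsetof() rather than sizeof() sizes the header: sizeof may include
 * trailing padding, offsetof is exact. */
size_t w_alloc_size(size_t n)
{
    return offsetof(struct w, mem) + n;
}

/* Heap-allocate a struct w and copy s (NUL included) into mem[].
 * Returns NULL on allocation failure or if the size would overflow. */
struct w *w_new(char *data, const char *s)
{
    size_t n = strlen(s) + 1;
    if (n > SIZE_MAX - offsetof(struct w, mem))
        return NULL;
    struct w *q = malloc(w_alloc_size(n));
    if (q == NULL)
        return NULL;
    q->data = data;
    memcpy(q->mem, s, n);   /* assignment into mem[], the only conformant way */
    return q;
}

/* Returns 1 if a constructed object round-trips correctly, 0 otherwise. */
int w_selftest(void)
{
    char s[5*8+1] = "no";                 /* the neighbour clobbered in the report */
    struct w *q = w_new("bugs", "mem");
    if (q == NULL)
        return 0;
    int ok = strcmp(s, "no") == 0 && strcmp(q->data, "bugs") == 0
          && strcmp(q->mem, "mem") == 0;
    free(q);
    return ok;
}

int main(void)
{
    return w_selftest() ? 0 : 1;
}
```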
