tinycc-devel

From: Pascal Cuoq
Subject: [Tinycc-devel] Segmentation fault when using “extern i;” to access homonym variable from inside “for (int i;...”
Date: Thu, 7 Mar 2019 12:56:55 +0000

Hello,

The input below crashes TCC for me on Ubuntu 16.04 on x86-64.

In order to be certain to observe the problem, it can help to temporarily add a debug printf call inside the function elfsym:

$ git diff
diff --git a/tccgen.c b/tccgen.c
index 87ec798..cbc6b09 100644
--- a/tccgen.c
+++ b/tccgen.c
@@ -308,6 +308,7 @@ ST_FUNC ElfSym *elfsym(Sym *s)
 {
   if (!s || !s->c)
     return NULL;
+  printf("s->c %d is about to be used as an offset.\n", s->c);
   return &((ElfSym *)symtab_section->data)[s->c];
 }
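Review bot: the indexing on the last line of the hunk, `return &((ElfSym *)symtab_section->data)[s->c];`, still has no range check, so the added printf only reports a bad s->c instead of stopping the out-of-bounds access; for a debugging aid it would also be better to write to stderr with fprintf so the message does not mix into tcc's normal stdout, and to print the symbol's kind alongside s->c, since the negative values reported later in the mail scale with the size of the local array a, which suggests the Sym reaching elfsym is the local i rather than a global symbol.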

The problematic input is as follows. Note that in this case this is a well-formed compilation unit:

$ cat extern_local.i
int main(void) {
  char a[50];
  for (int i;;) {
    extern i;
    i++;
  }
}

Compiling with the instrumented TCC prints:

$ ./tcc extern_local.i
s->c 26 is about to be used as an offset.
s->c -56 is about to be used as an offset.
s->c 26 is about to be used as an offset.

Since the value of s->c is used as an offset, it is wrong for it to be negative. On my machine, -56 is not enough to cause a crash, but the value of s->c is linked to the size of the unused array a. I can make TCC crash if I use a larger size:

$ cat extern_local.i
int main(void) {
  char a[500000];
  for (int i;;) {
    extern i;
    i++;
  }
}
$ ./tcc extern_local.i
s->c 26 is about to be used as an offset.
s->c -500004 is about to be used as an offset.
Segmentation fault

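The report above shows a symbol lookup indexing a section buffer with a value that, for this input, is a negative stack-slot offset rather than a symbol table index. The following is an added, stand-alone model of that lookup and of the check a reader might want on it; it is not TCC's code and does not use TCC's real types. The Section and Sym structures, the is_local flag, the 32-entry symbol table and the helper names checked_index and unchecked_byte_offset are all assumptions made for this example. The only thing taken from real ELF is the 24-byte Elf64_Sym layout used to size the entries.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a 64-bit ELF symbol entry (same field layout and 24-byte size as Elf64_Sym). */
typedef struct {
    uint32_t st_name;
    uint8_t  st_info;
    uint8_t  st_other;
    uint16_t st_shndx;
    uint64_t st_value;
    uint64_t st_size;
} ElfSym;

/* Model of a section: a byte buffer plus its length. (Assumed shape, not TCC's Section.) */
typedef struct {
    unsigned char *data;
    size_t data_size;
} Section;

/* Model of a compiler symbol. In the mail, s->c is an index into the symbol table for
 * globals but a (negative) stack offset for locals; is_local is an assumed flag that
 * records which meaning the field currently has. */
typedef struct {
    int c;
    int is_local;
} Sym;

/* Byte displacement from the section base that an unchecked &data[s->c] would use.
 * For c = -56 this is -1344: well before the buffer, and the distance grows with
 * the size of the local array, exactly as the mail observes. */
long unchecked_byte_offset(int c)
{
    return (long)c * (long)sizeof(ElfSym);
}

/* Bounds-checked lookup: refuses a local symbol (its c is a stack offset, not an
 * index), a non-positive c, and an index past the end of the section. */
static ElfSym *elfsym_checked(const Section *symtab, const Sym *s)
{
    if (!s || !s->c)
        return NULL;
    if (s->is_local)                      /* a stack offset is not a symbol index */
        return NULL;
    if (s->c < 0)                         /* never a valid index */
        return NULL;
    size_t nsyms = symtab->data_size / sizeof(ElfSym);
    if ((size_t)s->c >= nsyms)            /* past the end of the section */
        return NULL;
    return &((ElfSym *)symtab->data)[s->c];
}

/* Convenience wrapper: builds a zeroed symbol table of nsyms entries (capped at 64),
 * runs the checked lookup, and returns the index that was accepted or -1 if rejected. */
int checked_index(int c, int is_local, size_t nsyms)
{
    static unsigned char buf[64 * sizeof(ElfSym)];
    if (nsyms > 64)
        nsyms = 64;
    memset(buf, 0, sizeof buf);
    Section symtab = { buf, nsyms * sizeof(ElfSym) };
    Sym s = { c, is_local };
    ElfSym *e = elfsym_checked(&symtab, &s);
    if (!e)
        return -1;
    return (int)(e - (ElfSym *)buf);
}

int main(void)
{
    /* The three values printed by the instrumented tcc in the mail, fed to the model
     * with an assumed 32-entry symbol table. */
    int inputs[][2] = { {26, 0}, {-56, 1}, {26, 0}, {-500004, 1}, {40, 0} };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int c = inputs[i][0], local = inputs[i][1];
        printf("c=%d local=%d -> unchecked byte offset %ld, checked index %d\n",
               c, local, unchecked_byte_offset(c), checked_index(c, local, 32));
    }
    return 0;
}
```

The point of the is_local test is that a range check alone is not enough: a local variable that happens to have a small positive stack offset would still pass a plain `0 <= c < nsyms` check and silently return the wrong symbol, so the lookup should reject any Sym whose c field does not currently mean "symbol index".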