Re: [Tinycc-devel] Initialiser overflow bug


From: grischka
Subject: Re: [Tinycc-devel] Initialiser overflow bug
Date: Wed, 16 Mar 2022 19:40:30 +0100
User-agent: Thunderbird 2.0.0.23 (Windows/20090812)

Arthur Williams via Tinycc-devel wrote:
> On Thu, Mar 10, 2022 at 10:27:25AM -0800, Elijah Stone wrote:
>> Hi,
>>
>> The following code results in an initialiser overflow ICE on the latest
>> version of tcc (917aad3), amd64 linux.
>>
>> #include <stdlib.h>
>> #include <string.h>
>>
>> typedef struct { char b[2]; } Barb;
>>
>> Barb *f(Barb x, Barb y) {
>>         return memcpy(malloc(2*sizeof(Barb)), &(Barb[]){x,y}, 2*sizeof(Barb));
>> }
>>
>> Note: if I declare char b[1] in Barb, there is no error; but the error
>> occurs on any larger size.
>
> Posted about the same issue a month ago. And I believe someone had
> reported the issue even before that. Last theory I heard was that the
> cast might be affecting padding. I believe if you have
> ```
> Barb temp[2] = {x,y};
> ```
> and used temp in the memcpy you can avoid this issue. At least for me,
> the fact that the issue is so easy to avoid is why it isn't at the top of my
> priority list.

The problem with

    Barb temp[] = {x,y}

was that in the 1st pass (meant to determine the actual size)
tcc didn't realize that 'x' is meant to initialize the complete
struct.  Rather it assumed that braces were omitted and 'x'
was to initialize the first member of the struct.  It didn't really
care about the type of 'x' at that point.

Also fixed the problem mentioned elsewhere with array-size
expressions in function parameters:

   int main(int argc, char *argv[argc + 1]);

Anyway, some things get fixed, others get broken ...

-- gr


> Arthur
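To make the initializer rule grischka describes concrete, the following is an added example written for this page; it is not code from the thread or from tcc. It reuses the `Barb` struct from Elijah's report, and the function names (`count_struct_typed`, `count_brace_elided`, `count_mixed`, `copy_via_compound_literal`, `count_args`) are my own. Each function returns the element count the compiler derived from the initializer, so the three spellings of "an array of two Barb" can be compared directly: a struct-typed element initializes a whole element, scalars are brace-elided into members in order, and the two can be mixed in one list. It also includes a parameter declared with an array-size expression, the second case grischka mentions fixing.

```c
/* Added example for the tinycc-devel thread; not tcc code. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same struct as in the bug report: two chars, no padding. */
typedef struct { char b[2]; } Barb;

/* Each initializer element has the struct type itself, so each one
 * initializes a complete Barb. This is the form from the thread; the
 * bug was tcc's sizing pass treating 'x' as if it were temp[0].b[0]. */
size_t count_struct_typed(Barb x, Barb y) {
    Barb temp[] = {x, y};
    return sizeof temp / sizeof temp[0];   /* 2 */
}

/* Brace elision: scalars fill members in declaration order, so four
 * chars fill two Barb elements. This is the shape tcc's first pass
 * wrongly assumed it was looking at. */
size_t count_brace_elided(void) {
    Barb temp[] = {'a', 'b', 'c', 'd'};
    return sizeof temp / sizeof temp[0];   /* 2 */
}

/* Mixed form: a struct-typed element consumes one whole Barb, then the
 * remaining scalars are brace-elided into the next element. */
size_t count_mixed(Barb x) {
    Barb temp[] = {x, 'c', 'd'};
    return sizeof temp / sizeof temp[0];   /* 2 */
}

/* The compound-literal pattern from the report, checked for content:
 * returns 1 if both elements survived the copy unchanged. */
int copy_via_compound_literal(Barb x, Barb y, Barb out[2]) {
    memcpy(out, &(Barb[]){x, y}, 2 * sizeof(Barb));
    return memcmp(out[0].b, x.b, 2) == 0 && memcmp(out[1].b, y.b, 2) == 0;
}

/* Array-size expression in a parameter declarator, the second fix
 * grischka mentions. argv still adjusts to char **; the expression
 * only has to be parsed in argc's scope. */
int count_args(int argc, char *argv[argc + 1]) {
    int n = 0;
    for (int i = 0; i < argc && argv[i] != NULL; i++) n++;
    return n;
}

int main(int argc, char *argv[argc + 1]) {
    Barb x = {{'x', 'y'}}, y = {{'p', 'q'}}, out[2];
    printf("struct-typed elements: %zu\n", count_struct_typed(x, y));
    printf("brace-elided elements: %zu\n", count_brace_elided());
    printf("mixed elements:        %zu\n", count_mixed(x));
    printf("compound-literal copy: %d\n", copy_via_compound_literal(x, y, out));
    printf("argv entries:          %d\n", count_args(argc, argv));
    return 0;
}
```

Compiling this with `tcc -run` on a build before the fix reproduces the ICE on `count_struct_typed` and `copy_via_compound_literal` while `count_brace_elided` still builds, which is a quick way to confirm which of the two initializer shapes a given tcc revision mishandles.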



