diff --git a/gcc/ChangeLog b/gcc/ChangeLog index c354cf995f4..2af02d4bb6c 100644 --- a/gcc/ChangeLog +++ b/gcc/ChangeLog @@ -1,3 +1,10 @@ +2002-09-27 Alexander N. Kabaev + + PR preprocessor/8055 + * cppmacro.c (stringify_arg): Do not overflow the buffer + with the terminating NUL when the argument to be stringified + has no tokens. + 2002-09-27 Richard Henderson * unroll.c (simplify_cmp_and_jump_insns): New. @@ -74,7 +81,7 @@ * dbxout.c (FORCE_TEXT): Switch to current_function_decl, not text_section. - * xcoffout.h (DBX_STATIC_BLOCK_START): Remove explicit change to + * xcoffout.h (DBX_STATIC_BLOCK_START): Remove explicit change to text section. * config/rs6000/rs6000.c (rs6000_override_options): Allow function-sections and data-sections functionality on AIX. @@ -143,12 +150,12 @@ 2002-09-24 Eric Christopher - * config/mips/elf.h: Add HANDLE_SYSV_PRAGMA. - * config/mips/elf64.h: Ditto. + * config/mips/elf.h: Add HANDLE_SYSV_PRAGMA. + * config/mips/elf64.h: Ditto. 2002-09-24 Eric Christopher - * except.c (expand_builtin_extract_return_address): Handle case + * except.c (expand_builtin_extract_return_address): Handle case where Pmode != ptr_mode. 2002-09-26 Steve Ellcey @@ -224,11 +231,11 @@ 2002-09-24 Adam Nemet - * config/arm/arm.c (thumb_unexpanded_epilogue): Don't generate - epilogue for naked functions. + * config/arm/arm.c (thumb_unexpanded_epilogue): Don't generate + epilogue for naked functions. 2002-09-24 Adam Nemet - Nick Clifton + Nick Clifton * config/arm/arm.h (THUMB_FUNCTION_PROFILER): Remove. (FUNCTION_PROFILER): Only invoke THUMB_FUNCTION_PROFILER if it diff --git a/gcc/cppmacro.c b/gcc/cppmacro.c index b8fb792de88..113b20dac24 100644 --- a/gcc/cppmacro.c +++ b/gcc/cppmacro.c @@ -409,6 +409,12 @@ stringify_arg (pfile, arg) } /* Commit the memory, including NUL, and return the token. */ + if ((size_t) (BUFF_LIMIT (pfile->u_buff) - dest) < 1) + { + size_t len_so_far = dest - BUFF_FRONT (pfile->u_buff); + _cpp_extend_buff (pfile, &pfile->u_buff, 1); + dest = BUFF_FRONT (pfile->u_buff) + len_so_far; + } len = dest - BUFF_FRONT (pfile->u_buff); BUFF_FRONT (pfile->u_buff) = dest + 1; return new_string_token (pfile, dest - len, len); diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog index d211f1b0f37..b5bea3dc589 100644 --- a/gcc/testsuite/ChangeLog +++ b/gcc/testsuite/ChangeLog @@ -1,3 +1,7 @@ +2002-09-27 Zack Weinberg + + * gcc.dg/cpp/20020927-1.c: New. + 2002-09-26 David S. Miller * gcc.c-torture/compile/trunctfdf.c: New. @@ -98,7 +102,7 @@ Tue Sep 17 13:59:45 2002 Nicola Pero * objc.dg/comp-types-3.m: New test. * objc.dg/comp-types-4.m: New test. * objc.dg/comp-types-5.m: New test. - * objc.dg/comp-types-6.m: New test. + * objc.dg/comp-types-6.m: New test. 2002-09-17 John David Anglin @@ -107,9 +111,9 @@ Tue Sep 17 13:59:45 2002 Nicola Pero 2002-09-16 Nathan Sidwell * g++.dg/other/do1.C: New test. - + * g++.dg/template/subst1.C: New test. - + 2002-09-16 Steve Ellcey * gcc.dg/20020312-2.c: Change __parisc__ to __hppa__. diff --git a/gcc/testsuite/gcc.dg/cpp/20020927-1.c b/gcc/testsuite/gcc.dg/cpp/20020927-1.c new file mode 100644 index 00000000000..91f89518a22 --- /dev/null +++ b/gcc/testsuite/gcc.dg/cpp/20020927-1.c @@ -0,0 +1,91 @@ +/* Test case for buffer overflow bug in token stringification. + See PR preprocessor/8055 for details. + Reported by Alexander N. Kabaev . + Test case written by Zack Weinberg . */ + +/* { dg-do preprocess } */ + +#define S(x) #x + +/* Fill up one internal buffer with data. */ +S(1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890123456789012345678901234567890 + 12345678901234567890123456789012345678901234567890123456789012345) + +/* When stringify_arg() was called with an empty macro argument, it would + advance the buffer pointer by one but fail to check for running past the + end of the buffer. We can only know where the end of the buffer is to + within about eight bytes, so do this sixteen times to be sure of hitting + it. */ + +S() +S() +S() +S() +S() +S() +S() +S() +S() +S() +S() +S() +S() +S() +S() +S() + +/* Now allocate more memory in the buffer, which should provoke a crash. */ + +S(abcdefghijklmnopqrstuvwxyz) +S(abcdefghijklmnopqrstuvwxyz)