[Ada] Memory corruption when using formal hashed sets or maps

Pierre-Marie de Rodat Thu, 11 Jul 2019 01:06:44 -0700

Add a check to avoid causing a buffer overflow when the map is empty

Tested on x86_64-pc-linux-gnu, committed on trunk


2019-07-11  Claire Dross  <dr...@adacore.com>

gcc/ada/

        * libgnat/a-cfhama.adb, libgnat/a-cfhase.adb (Free): Do not
        reset the Has_Element flag if no element is freed.

--- gcc/ada/libgnat/a-cfhama.adb
+++ gcc/ada/libgnat/a-cfhama.adb
@@ -509,8 +509,11 @@ is
 
    procedure Free (HT : in out Map; X : Count_Type) is
    begin
-      HT.Nodes (X).Has_Element := False;
-      HT_Ops.Free (HT, X);
+      if X /= 0 then
+         pragma Assert (X <= HT.Capacity);
+         HT.Nodes (X).Has_Element := False;
+         HT_Ops.Free (HT, X);
+      end if;
    end Free;
 
    ----------------------

--- gcc/ada/libgnat/a-cfhase.adb
+++ gcc/ada/libgnat/a-cfhase.adb
@@ -760,8 +760,11 @@ is
 
    procedure Free (HT : in out Set; X : Count_Type) is
    begin
-      HT.Nodes (X).Has_Element := False;
-      HT_Ops.Free (HT, X);
+      if X /= 0 then
+         pragma Assert (X <= HT.Capacity);
+         HT.Nodes (X).Has_Element := False;
+         HT_Ops.Free (HT, X);
+      end if;
    end Free;
 
    ----------------------

[Ada] Memory corruption when using formal hashed sets or maps

Reply via email to