** Description changed:

- Compiling some specific eC results in undefined behavior after memory has been corrupted.
- The Specifier class in the eC compiler library contains a union whose members were used in an alternate manner, without proper reinitialization.
+ A serious potential for undefined behavior was identified in the eC
+ compiler.
+
+ Although I've not been able to reproduce the problem with the current
+ state of the Specifier class, the problem manifests itself as soon as
+ the layout of that class is slightly modified.
+
+ The Specifier class in the eC compiler library contains a union whose
+ members were used in an alternate manner, without proper re-initialization.

  [Test Case]

- The eC compiler will crash or produce unexpected behavior when compiling some specific eC code [need to remember/dig that code out].
+ To reproduce the problem, add a 'void * dummy' member to the Specifier class, in sdk/compiler/libec/src/ecdefs.ec, inside the union, and inside the struct, right before 'char * name', so that it looks like:
+
+ public class Specifier : struct
+ {
+ public:
+    Specifier prev, next;
+    Location loc;
+    SpecifierType type;
+    union
+    {
+       int specifier;
+       struct
+       {
+ >>>      void * dummy; <<<
+          char * name;
+          ...
+
+ The compiler will then be totally broken, crashing when compiling any file.
+ With the fix, adding the 'dummy' member there will not cause any problem.
+
+ The first and second structs of the union conflict with each other without being reinitialized properly. The first is used when type is 'nameSpecifier', while the second is used when type is 'structSpecifier'. A Specifier is morphed from a nameSpecifier into a structSpecifier during pass 3 of the compiler, and so this is problematic.
+ It seems the problem is more evident when 'templateArgs' maps to 'definitions', rather than 'baseSpecs' as was the case in Quantal.
  However, since there is a potential for bad behavior due to the overlap between templateArgs and baseSpecs, this should be fixed.

  [Regression Potential]

  This is a clean fix that simply re-initializes all members of the union, so as to avoid the problem. It should not break anything.
https://bugs.launchpad.net/bugs/1107827
Title: [SRU] A serious potential for undefined behavior was identified
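The failure mode described in the report, as an added C example that is not part of the bug report or of the Ecere SDK: a tagged union whose two struct variants are reused without clearing, so that after the tag is changed the new variant reads pointers the old variant left behind. The Specifier layout below is a hypothetical reduction of the one in the report (the 'dummy' member included, so that templateArgs lands on the same bytes as definitions); the member names follow the report, but the offsets, the list types and the morph functions are assumptions made for the demonstration. The unsafe morph changes only the tag, as the bug did; the fixed morph zeroes the whole union first, which is the fix the report describes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { nameSpecifier, structSpecifier } SpecifierType;

/* Stand-ins for the compiler's list types (constructed for this example). */
typedef struct { int count; } TemplateArgList;
typedef struct { int count; } DefinitionList;

/* Hypothetical layout modelled on the report's Specifier, with the
   'dummy' member from the test case included.  Both structs live in the
   same union, so their pointer fields share bytes. */
typedef struct {
    SpecifierType type;
    union {
        int specifier;
        struct {                       /* used when type == nameSpecifier */
            void *dummy;
            char *name;
            TemplateArgList *templateArgs;
        } n;
        struct {                       /* used when type == structSpecifier */
            char *id;
            void *baseSpecs;
            DefinitionList *definitions;
        } s;
    } u;
} Specifier;

/* Returns 1 when templateArgs and definitions occupy the same offset,
   i.e. the layout the report says makes the problem most evident. */
int definitions_overlap_template_args(void)
{
    return offsetof(Specifier, u.n.templateArgs) ==
           offsetof(Specifier, u.s.definitions);
}

Specifier make_name_specifier(char *name, TemplateArgList *args)
{
    Specifier sp;
    memset(&sp, 0, sizeof sp);
    sp.type = nameSpecifier;
    sp.u.n.name = name;
    sp.u.n.templateArgs = args;
    return sp;
}

/* Buggy morph: retags the object but leaves the union's bytes as the
   name variant wrote them, so baseSpecs/definitions now alias stale
   pointers that nothing ever assigned. */
void morph_to_struct_unsafe(Specifier *sp, char *id)
{
    sp->type = structSpecifier;
    sp->u.s.id = id;
}

/* Fixed morph: clear every member of the union before reusing it. */
void morph_to_struct_safe(Specifier *sp, char *id)
{
    memset(&sp->u, 0, sizeof sp->u);
    sp->type = structSpecifier;
    sp->u.s.id = id;
}

/* Morphs a name specifier into a struct specifier and counts how many
   struct-variant pointers are non-NULL although never assigned.
   0 is the only correct answer; anything else is a stale alias. */
int stale_pointer_count(int use_fix)
{
    static TemplateArgList args = { 2 };   /* constructed sample input */
    Specifier sp = make_name_specifier("T", &args);
    if (use_fix)
        morph_to_struct_safe(&sp, "S");
    else
        morph_to_struct_unsafe(&sp, "S");
    return (sp.u.s.baseSpecs != NULL) + (sp.u.s.definitions != NULL);
}

int main(void)
{
    printf("templateArgs overlaps definitions: %d\n",
           definitions_overlap_template_args());
    printf("stale pointers after unsafe morph: %d\n", stale_pointer_count(0));
    printf("stale pointers after fixed morph:  %d\n", stale_pointer_count(1));
    return 0;
}
```

The stale 'definitions' pointer in the unsafe case actually points at a TemplateArgList, so any pass that walks it as a DefinitionList is reading memory of the wrong type; whether that crashes, as the report observed, or silently misbehaves depends only on what happens to sit at those addresses, which is why the clean fix is to zero the union on every variant change rather than to rely on a particular layout.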