mirror of
git://repo.or.cz/tinycc.git
synced 2026-07-04 02:18:50 +08:00
Do not read past array end in struct return
Some checks failed
build and test / test-x86_64-linux (push) Has been cancelled
build and test / test-x86_64-osx (push) Has been cancelled
build and test / test-aarch64-osx (push) Has been cancelled
build and test / test-x86_64-win32 (push) Has been cancelled
build and test / test-i386-win32 (push) Has been cancelled
build and test / test-armv7-linux (push) Has been cancelled
build and test / test-aarch64-linux (push) Has been cancelled
build and test / test-riscv64-linux (push) Has been cancelled
Some checks failed
build and test / test-x86_64-linux (push) Has been cancelled
build and test / test-x86_64-osx (push) Has been cancelled
build and test / test-aarch64-osx (push) Has been cancelled
build and test / test-x86_64-win32 (push) Has been cancelled
build and test / test-i386-win32 (push) Has been cancelled
build and test / test-armv7-linux (push) Has been cancelled
build and test / test-aarch64-linux (push) Has been cancelled
build and test / test-riscv64-linux (push) Has been cancelled
This commit is contained in:
parent
9dffcd29d3
commit
fa9795406d
15
tccgen.c
15
tccgen.c
@ -6706,11 +6706,16 @@ static void gfunc_return(CType *func_type)
|
|||||||
/* returning structure packed into registers */
|
/* returning structure packed into registers */
|
||||||
int size, addr, align, rc, n;
|
int size, addr, align, rc, n;
|
||||||
size = type_size(func_type,&align);
|
size = type_size(func_type,&align);
|
||||||
if ((align & (ret_align - 1))
|
if (ret_nregs * regsize > size ||
|
||||||
&& ((vtop->r & VT_VALMASK) < VT_CONST /* pointer to struct */
|
((align & (ret_align - 1))
|
||||||
|| (vtop->c.i & (ret_align - 1))
|
&& ((vtop->r & VT_VALMASK) < VT_CONST /* pointer to struct */
|
||||||
)) {
|
|| (vtop->c.i & (ret_align - 1))
|
||||||
loc = (loc - size) & -ret_align;
|
))) {
|
||||||
|
if (ret_nregs * regsize > size)
|
||||||
|
size = ret_nregs * regsize;
|
||||||
|
if (ret_align > align)
|
||||||
|
align = ret_align;
|
||||||
|
loc = (loc - size) & -align;
|
||||||
addr = loc;
|
addr = loc;
|
||||||
type = *func_type;
|
type = *func_type;
|
||||||
vset(&type, VT_LOCAL | VT_LVAL, addr);
|
vset(&type, VT_LOCAL | VT_LVAL, addr);
|
||||||
|
|||||||
@ -6,6 +6,10 @@ typedef struct {
|
|||||||
double d2;
|
double d2;
|
||||||
} Node;
|
} Node;
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
int a, b, c;
|
||||||
|
} A;
|
||||||
|
|
||||||
Node init(Node self) {
|
Node init(Node self) {
|
||||||
self.data[0] = 0;
|
self.data[0] = 0;
|
||||||
self.data[1] = 1;
|
self.data[1] = 1;
|
||||||
@ -25,11 +29,25 @@ void print_data(Node data) {
|
|||||||
data.d1, data.d2);
|
data.d1, data.d2);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
A test(void)
|
||||||
|
{
|
||||||
|
int i;
|
||||||
|
A arr[30];
|
||||||
|
|
||||||
|
for (i = 0; i < 30; i++)
|
||||||
|
arr[i].b = i;
|
||||||
|
return arr[29];
|
||||||
|
}
|
||||||
|
|
||||||
int main(void) {
|
int main(void) {
|
||||||
/* This code resulted in a bounds checking error */
|
/* This code resulted in a bounds checking error */
|
||||||
Node data;
|
Node data;
|
||||||
|
A a;
|
||||||
dummy (data);
|
dummy (data);
|
||||||
char val;
|
char val;
|
||||||
data = init (data);
|
data = init (data);
|
||||||
print_data(data);
|
print_data(data);
|
||||||
|
a = test();
|
||||||
|
printf("%d\n", a.b);
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1 +1,2 @@
|
|||||||
0 1 2 3 1234 2345
|
0 1 2 3 1234 2345
|
||||||
|
29
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user