#3 Buffer overflow expanding macro

closed
nobody
None
5
2007-11-22
2007-11-21
Incubos
No

An error happens when preprocessing the file from the standard test suite CTorture. CPP preprocesses the file successfully.

Diagnostics:

unsigned foo(int x[64], int y[64])
{
/home/zakh/work/panasonic/cparser/trunk/ctest/preproc.c:24: error: Buffer overflow expanding macro "C" at "if ((x+12)[0] > (y+48+4)[3]) goto gt; if ((x+12)[0"
macro "C" defined as: #define C(a,b) if (a > b) goto gt; if (a < b) goto lt; /* /home/zakh/work/panasonic/cparser/trunk/ctest/preproc.c:11 */
macro "C4" defined as: #define C4(x,b) C((x)[0], b) C((x)[1],b) C((x)[2],b) C((x)[3],b) /* /home/zakh/work/panasonic/cparser/trunk/ctest/preproc.c:13 */
macro "C16" defined as: #define C16(x,y) C4(x, (y)[0]) C4(x, (y)[1]) C4(x, (y)[2]) C4(x, (y)[3]) /* /home/zakh/work/panasonic/cparser/trunk/ctest/preproc.c:14 */
macro "C64" defined as: #define C64(x,y) C16(x,y) C16(x+4,y) C16(x+8,y) C16(x+12,y) /* /home/zakh/work/panasonic/cparser/trunk/ctest/preproc.c:16 */
macro "C256" defined as: #define C256(x,y) C64(x,y) C64(x,y+4) C64(x,y+8) C64(x,y+12) /* /home/zakh/work/panasonic/cparser/trunk/ctest/preproc.c:17 */
macro "C1024" defined as: #define C1024(x,y) C256(x,y) C256(x+16,y) C256(x+32,y) C256(x+48,y) /* /home/zakh/work/panasonic/cparser/trunk/ctest/preproc.c:19 */
macro "C4096" defined as: #define C4096(x,y) C1024(x,y) C1024(x,y+16) C1024(x,y+32) C1024(x,y+48) /* /home/zakh/work/panasonic/cparser/trunk/ctest/preproc.c:20 */
from /home/zakh/work/panasonic/cparser/trunk/ctest/preproc.c: 24: C4096(x,y);
;

return 0x01234567;
gt:
return 0x12345678;
lt:
return 0xF0123456;
}

Discussion

  • Incubos

    Incubos - 2007-11-21

    Try to preprocess this file using mcpp

     
  • Kiyoshi Matsui

    Kiyoshi Matsui - 2007-11-22

    This is a translation limit of MCPP. MCPP limits the size of the macro
    expansion buffer to 256KB by default. The macro in this testcase,
    however, expands to 310KB. MCPP has been tested against some real-world
    programs; in particular, the current revision of V.2.7-prerelease has
    been tested against the Firefox CVS source and the glibc 2.4 source on
    Linux. I think the current buffer size is almost sufficient for
    real-world programs.

    If you really need a larger buffer for macro expansion, change the
    source as follows and recompile it.

    --------------------------------------------------------
    --- system.H 2007-09-19 19:01:07.000000000 +0900
    +++ system.H.rev 2007-11-22 15:03:04.000000000 +0900
    @@ -295,7 +295,7 @@
    #define NWORK NBUFF /* 0x1000, 0x4000, 0x10000, .. */
    #endif
    #ifndef NMACWORK
    -#define NMACWORK (NWORK * 4) /* Must be NWORK * 2 <= NMACWORK */
    +#define NMACWORK (NWORK * 8) /* Must be NWORK * 2 <= NMACWORK */
    #endif
    #ifndef SBSIZE
    #define SBSIZE 0x400
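
Review bot: The changed `#define NMACWORK` line sits inside `#ifndef NMACWORK`, so the larger value can be supplied as a compile-time definition of NMACWORK instead of editing system.H, which keeps the source tree unmodified. Going by the 256KB default and the 310KB expansion stated above, `NWORK * 8` gives about 512KB, which covers this test case but is still a fixed ceiling, so a larger expansion will stop at the same diagnostic. The retained comment `Must be NWORK * 2 <= NMACWORK` still holds for the new value. The context lines have lost their leading space, so the hunk will not apply as pasted and the one-character change has to be made by hand.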
    --------------------------------------------------------

    By the way, I think that this testcase is:

    gcc.c-torture/compile/20001226-1.c

    of GCC's testsuite. It would be better to cite the original path-list.
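
Added example (not MCPP's code and not part of this thread): a small C program that hand-expands the C4096 macro family from the diagnostics into a fixed-size work area through a checked append, showing why a 256KB area is too small while a doubled one is enough. The names `xbuf`, `xappend`, `expand` and `expand_c4096` are hypothetical, and the spacing of the emitted text is this example's choice, so the byte count only approximates MCPP's.

```c
#include <stdio.h>
#include <string.h>

struct xbuf { char *data; size_t cap, len, need; int overflow; };  /* fixed-capacity work area */

/* Checked append: write only if it fits, else flag overflow; `need` counts all. */
static void xappend(struct xbuf *b, const char *s) {
    size_t n = strlen(s);
    b->need += n;
    if (b->overflow || n > b->cap - b->len) { b->overflow = 1; return; }
    memcpy(b->data + b->len, s, n);
    b->len += n;
}

/* Levels 0..6 = C, C4, C16, C64, C256, C1024, C4096; odd levels rewrite x, even y. */
static void expand(struct xbuf *b, int level, const char *x, const char *y) {
    static const int step[7] = { 0, 0, 0, 4, 4, 16, 16 };
    const char *old = (level % 2) ? x : y;
    char arg[64], line[160];
    if (level == 0) {   /* C(a,b): spacing here is this example's choice */
        snprintf(line, sizeof line, "if (%s > %s) goto gt; if (%s < %s) goto lt; ", x, y, x, y);
        xappend(b, line);
        return;
    }
    for (int i = 0; i < 4; i++) {
        if (level <= 2) snprintf(arg, sizeof arg, "(%s)[%d]", old, i);
        else if (i == 0) snprintf(arg, sizeof arg, "%s", old);
        else snprintf(arg, sizeof arg, "%s+%d", old, i * step[level]);
        if (level % 2) expand(b, level - 1, arg, y);
        else expand(b, level - 1, x, arg);
    }
}

static char area[512 * 1024];   /* large enough for both sizes tried below */
/* Expand C4096(x,y) into `cap` bytes; returns the number of bytes required. */
size_t expand_c4096(size_t cap, int *overflowed) {
    struct xbuf b = { area, cap > sizeof area ? sizeof area : cap, 0, 0, 0 };
    expand(&b, 6, "x", "y");
    *overflowed = b.overflow;
    return b.need;
}

int main(void) {
    int o256, o512;
    size_t need = expand_c4096(256 * 1024, &o256);   /* default-sized area */
    expand_c4096(512 * 1024, &o512);                 /* doubled area */
    printf("need=%zu overflow@256KB=%d overflow@512KB=%d\n", need, o256, o512);
    return 0;
}
```

With this spacing the expansion needs 311,296 bytes, in line with the roughly 310KB quoted above, so the 256KB area reports an overflow without writing past its end and the 512KB area does not.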

     
  • Kiyoshi Matsui

    Kiyoshi Matsui - 2007-11-22

    Sorry, the format of the difference file has been corrupted by the text-box.
    But, you could see that the difference is only one character.

     
  • Incubos

    Incubos - 2007-11-22
    • status: open --> closed
     
  • Incubos

    Incubos - 2007-11-22

    Thanks, I'll recompile it. I will cite the original path-list in other cases.

     
