On Thu, Jun 28, 2012 at 4:23 PM, Philipp Klaus Krause <pkk@spth.de> wrote:
While working on the smallopts branch, I found a bug in peep.c:

for (op1start = pl->line; !isspace (*op1start); ++op1start)

which I changed to

for (op1start = pl->line; *op1start && !isspace (*op1start); ++op1start)

the old version can result in reading over the end of the array when
there is no operand to the asm instruction. Normally this has no effect,
except for making op1start point into the void (op1start is not used
further in that case). However, the isspace() itself can access
memory that doesn't belong to the process (if the memory happens to not
contain any zeroes nearby) resulting in a SIGSEGV. Apparently this
happens only very rarely, otherwise we would have seen a lot of SIGSEGV
bug reports. Nevertheless, I'd like to see this fixed.


Probably you meant to fix it in trunk before RC3?

Please commit the fix.
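An added illustration of the terminator check discussed in the quoted message; this is example code written for this thread, not the loop from peep.c, and the function names and the explicit-length variant are hypothetical:

```c
#include <ctype.h>
#include <stddef.h>

/* Hypothetical stand-in for the scanner in the quoted message: return the
 * offset of the first whitespace after the mnemonic, or the offset of the
 * terminating NUL when the instruction has no operand (e.g. "ret").
 * Mirrors the corrected loop: the *p test comes first, so isspace() is
 * never evaluated on a byte past the terminator. The cast to unsigned char
 * avoids passing a negative char value to isspace(), which is itself
 * undefined behaviour for bytes >= 0x80. */
size_t operand_offset(const char *line)
{
    const char *p = line;
    for (; *p && !isspace((unsigned char)*p); ++p)
        ;
    return (size_t)(p - line);
}

/* The pre-fix condition had only !isspace(*p), so on a line with no
 * whitespace the loop kept reading until it happened to hit a whitespace
 * byte somewhere beyond the string. This variant emulates that scan over an
 * explicitly bounded buffer (so the example itself stays in bounds) and
 * reports 1 if the unchecked loop would have run past buf[len - 1]. */
int unchecked_scan_overruns(const char *buf, size_t len)
{
    size_t i;
    for (i = 0; i < len; ++i)
        if (isspace((unsigned char)buf[i]))
            return 0;   /* whitespace inside the buffer: loop would stop here */
    return 1;           /* no stop condition met: read would continue past len */
}

int main(void)
{
    /* Constructed inputs: an instruction with an operand and one without. */
    return (operand_offset("ld a,b") == 2 &&
            operand_offset("ret") == 3 &&
            unchecked_scan_overruns("ret", 3) == 1) ? 0 : 1;
}
```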