[SRU] A serious potential for undefined behavior was identified

Bug #1107827 reported by Jerome St-Louis
Affects: ecere-sdk (Ubuntu) - Status: Fix Released - Importance: Undecided - Assigned to: Jerome St-Louis
Affects: ecere-sdk (Ubuntu Quantal) - Status: Won't Fix - Importance: Medium - Assigned to: Unassigned

Bug Description

A serious potential for undefined behavior was identified in the eC compiler.

Although I've not been able to reproduce the problem with the current state of the Specifier class, the problem manifests itself as soon as the layout of that class is slightly modified.

The Specifier class in the eC compiler library contains a union whose members were used in an alternating manner, without proper re-initialization.

[Test Case]
To reproduce the problem, add a 'void * dummy' member to the Specifier class, in sdk/compiler/libec/src/ecdefs.ec, inside the union, and inside the struct, right before 'char * name', so that it looks like:

public class Specifier : struct
{
public:
   Specifier prev, next;
   Location loc;
   SpecifierType type;
   union
   {
      int specifier;
      struct
      {
    >>> void * dummy; <<<
         char * name;
...

The compiler will then be totally broken, crashing compiling any file.
With the fix, adding the 'dummy' member there will not cause any problem.

The first and second structs of the union conflict with each other without being reinitialized properly. The first is used when type is 'nameSpecifier', while the second is used when type is 'structSpecifier'. A Specifier is morphed from a nameSpecifier into a structSpecifier during pass 3 of the compiler, and so this is problematic.
It seems the problem is more evident when 'templateArgs' maps to 'definitions', rather than 'baseSpecs' as was the case in Quantal. However since there is a potential for bad behavior due to the overlap between templateArgs and baseSpecs, this should be fixed.

[Regression Potential]
This is a clean fix that simply re-initializes all members of the union, so as to avoid the problem. It should not break anything.
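The following C program is an added illustration of the defect described in this report; it is not code from the report or from the Ecere SDK, and the Specifier, List, morph_unsafe and morph_safe definitions are constructed stand-ins rather than the real ecdefs.ec layout. It reproduces the test-case layout (a 'dummy' slot ahead of 'name') so that templateArgs and definitions share an offset, morphs a nameSpecifier into a structSpecifier the way the buggy pass did (flip the tag, write only the fields you know about), and shows that the structSpecifier view then inherits the stale templateArgs pointer as its definitions list. The fixed morph wipes the whole union first, which is the shape of the fix the report describes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for libec's Specifier (not the real ecdefs.ec layout).
 * The 'dummy' slot is the one the bug report's test case adds: with it in
 * place, u.n.templateArgs and u.s.definitions occupy the same offset. */
typedef enum { nameSpecifier, structSpecifier } SpecifierType;

/* In libec these are lists of different classes (template arguments vs class
 * definitions). One generic list type is used here so the demo stays
 * memory-safe; the type confusion shows up as a wrong count, not a crash. */
typedef struct List { int count; } List;

typedef struct Specifier {
    SpecifierType type;
    union {
        int specifier;                                                    /* base types */
        struct { void *dummy; const char *name; List *templateArgs; } n;  /* nameSpecifier */
        struct { const char *id; List *baseSpecs; List *definitions; } s; /* structSpecifier */
    } u;
} Specifier;

/* Layout check: does templateArgs alias definitions? (1 with the dummy slot.) */
int templateargs_alias_definitions(void) {
    return offsetof(Specifier, u.n.templateArgs) == offsetof(Specifier, u.s.definitions);
}

/* Buggy morph: flips the tag and fills only the fields this pass knows about.
 * Whatever the nameSpecifier view left in the shared bytes survives. */
static void morph_unsafe(Specifier *sp, const char *id) {
    sp->type = structSpecifier;
    sp->u.s.id = id;
    sp->u.s.baseSpecs = NULL;
    /* u.s.definitions deliberately not written: this is the defect */
}

/* Fixed morph: reinitialise the entire union before populating the new view. */
static void morph_safe(Specifier *sp, const char *id) {
    sp->type = structSpecifier;
    memset(&sp->u, 0, sizeof sp->u);
    sp->u.s.id = id;
    sp->u.s.baseSpecs = NULL;
}

/* A later pass that trusts the tag and walks the definitions list. */
static int count_definitions(const Specifier *sp) {
    if (sp->type != structSpecifier) return -1;
    return sp->u.s.definitions ? sp->u.s.definitions->count : 0;
}

/* Build a nameSpecifier carrying two template arguments (think Map<String, int>),
 * morph it into a structSpecifier, and return how many 'definitions' the
 * structSpecifier view then reports. The correct answer is 0. */
int definitions_seen_after_morph(int use_fix) {
    List args = { 2 };              /* constructed sample: two template arguments */
    Specifier sp;
    memset(&sp, 0, sizeof sp);
    sp.type = nameSpecifier;
    sp.u.n.name = "Map";
    sp.u.n.templateArgs = &args;
    if (use_fix) morph_safe(&sp, "Map"); else morph_unsafe(&sp, "Map");
    return count_definitions(&sp);  /* 2 without the fix (stale pointer), 0 with it */
}

int main(void) {
    printf("templateArgs aliases definitions: %d\n", templateargs_alias_definitions());
    printf("definitions seen without fix:     %d\n", definitions_seen_after_morph(0));
    printf("definitions seen with fix:        %d\n", definitions_seen_after_morph(1));
    return 0;
}
```

Without the dummy slot, templateArgs would alias baseSpecs instead, which is why the report says the bug stayed latent until the layout shifted: which field the stale pointer lands on depends entirely on member order, so clearing the whole union on every type change is the only layout-independent fix.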

Changed in ecere-sdk (Ubuntu):
assignee: nobody → Jerome St-Louis (jerstlouis)
status: New → In Progress
status: In Progress → Confirmed
summary: - [SRU] Compiling some specific eC results in undefined behavior
- (corrupted memory)
+ [SRU] A serious potential for undefined behavior was identified
description: updated
Changed in ecere-sdk (Ubuntu):
status: Confirmed → Fix Released
Changed in ecere-sdk (Ubuntu Quantal):
status: New → Confirmed
importance: Undecided → Medium
Rolf Leggewie (r0lf) wrote :

Quantal has seen the end of its life and is no longer receiving any updates. Marking the Quantal task for this ticket as "Won't Fix".

Changed in ecere-sdk (Ubuntu Quantal):
status: Confirmed → Won't Fix