Project

General

Profile

Actions
Copy link

Bug #13

closed

The compiler ignores some hidden pointer fields, which leads to memory corruption

Added by I. Denisov about 11 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
1.7
Start date:
09/09/2014
Due date:
% Done:

100%

Estimated time:
Forum topic:

Description

The compiler ignores hidden pointer fields in base types of a record B when B is nested into another record C. This leads to an inconsistent type descriptor of C and thereby to memory corruption and a system crash.

Refers to CPC 1.7 rc5 change list number 19.

Files

Download all files
Test.zip (5.22 KB) Test.zip I. Denisov, 09/09/2014 03:11 AM
DevCPT.zip (18.7 KB) DevCPT.zip I. Denisov, 09/09/2014 03:11 AM
Actions
Copy link
 #1

Updated by I. Denisov about 11 years ago

  • Status changed from New to Resolved
  • Target version set to 1.7
  • % Done changed from 0 to 80

Chris has found better solution of this problem without additional procedures.

b8281d75

Actions
Copy link
 #2

Updated by I. Denisov about 11 years ago

  • Status changed from Resolved to Closed
  • % Done changed from 80 to 100

The bug fix merged with master in 46f8e3e3

Actions
Copy link
 #3

Updated by J. Templ over 10 years ago

  • Description updated (diff)
Actions
Copy link
 #4

Updated by J. Templ over 9 years ago

  • Description updated (diff)

Marco Ciot:

The affected module is DevCPT.

The bug is very old. I guess it was there in the original Oberon Compiler written by N. Wirth, already. (And never discovered so far?!?) If this particular language construct is used, however, it leads to Heap Corruption.

Marco Ciot:

Fixed excerpt from DevCPT:

    PROCEDURE OutRecurseBaseTypeForHdFlds (typ: Struct; adr: INTEGER);
    BEGIN
        IF typ.BaseTyp # NIL THEN OutRecurseBaseTypeForHdFlds(typ.BaseTyp, adr); END;
        OutFlds(typ.link, adr, FALSE);
    END OutRecurseBaseTypeForHdFlds;

    PROCEDURE OutHdFld(typ: Struct; fld: Object; adr: INTEGER);
        VAR i, j, n: INTEGER; btyp: Struct; debugNow: BOOLEAN;
    BEGIN
        IF typ.comp = Record THEN
            IF typ.BaseTyp # NIL THEN OutRecurseBaseTypeForHdFlds(typ.BaseTyp, adr); END;
            OutFlds(typ.link, adr, FALSE);

Additionally the finger printing needs to be fixed, as well:

    PROCEDURE FPrintStr*(typ: Struct);
        VAR f, c: SHORTINT; btyp: Struct; strobj, bstrobj: Object; pbfp, pvfp: INTEGER;

        PROCEDURE ^FPrintFlds(fld: Object; adr: INTEGER; visible: BOOLEAN);

        PROCEDURE FPrintRecurseBaseTypeForHdFlds (typ: Struct; adr: INTEGER);
        BEGIN
            IF typ.BaseTyp # NIL THEN FPrintRecurseBaseTypeForHdFlds(typ.BaseTyp, adr); END;
            FPrintFlds(typ.link, adr, FALSE);
        END FPrintRecurseBaseTypeForHdFlds;

        PROCEDURE FPrintHdFld(typ: Struct; fld: Object; adr: INTEGER);    (* modifies pvfp only *)
            VAR i, j, n: INTEGER; btyp: Struct;
        BEGIN
            IF typ.comp = Record THEN
                IF typ.BaseTyp # NIL THEN FPrintRecurseBaseTypeForHdFlds(typ.BaseTyp, adr); END;
                FPrintFlds(typ.link, adr, FALSE);

Josef Templ wrote:

The names OutRecurseBaseTypeForHdFlds and FPrintRecurseBaseTypeForHdFlds
are instructive for reviewing purposes.

The names of the new procedures are inappropriate.
Use OutHdBaseFlds and FPrintHdBaseFlds.
It is hard to imagine that any other name would be more 'natural'
and the currently used names are certainly not fitting with the existing names.

Actions
Copy link

Also available in: Atom PDF