shithub: scc


ref: abdf69a520ddaf86c5bef1ce52a64dea1f3b5e77
parent: f20cb974e12e176500a0f44c4ebf3332e26dc463
author: Roberto E. Vargas Caballero <[email protected]>
date: Mon Aug 17 10:34:30 EDT 2015

Check integer overflow in symbol id

--- a/cc1/cc1.h
+++ b/cc1/cc1.h
@@ -46,7 +46,7 @@
 struct symbol {
 	char *name;
 	Type *type;
-	short id;
+	unsigned short id;
 	unsigned char ctx;
 	unsigned char ns;
 	unsigned char token;
--- a/cc1/code.c
+++ b/cc1/code.c
@@ -172,7 +172,7 @@
 		c = L_EXTERN;
 	else
 		c = L_AUTO;
-	printf("%c%d", c, sym->id);
+	printf("%c%u", c, sym->id);
 }
 
 static void
@@ -217,7 +217,7 @@
 	case FTN:
 	case STRUCT:
 	case UNION:
-		printf("%d", tp->id);
+		printf("%u", tp->id);
 	}
 }
 
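Review bot: The `%u` here prints `tp->id`, but the only declaration this commit changes in cc1/cc1.h is the `id` member of `struct symbol`; the `id` member of `Type` is not visible in the diff. If it is still a signed `short`, ids above `SHRT_MAX` returned by `newid()` in `duptype()` would go through an implementation-defined conversion on assignment and come out of `%u` as large bogus values. In that case the `Type` member should change as well, to `unsigned short id;`. The enclosing function starts outside the hunk.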
--- a/cc1/symbol.c
+++ b/cc1/symbol.c
@@ -12,8 +12,8 @@
 #define NR_SYM_HASH 64
 
 unsigned curctx;
-static short localcnt;
-static short globalcnt;
+static unsigned short localcnt;
+static unsigned short globalcnt;
 
 static Symbol *head, *labels;
 static Symbol *htab[NR_SYM_HASH];
@@ -138,6 +138,19 @@
 	head = sym;
 }
 
+static unsigned short
+newid(void)
+{
+	unsigned id;
+
+	id = (curctx) ? ++localcnt : ++globalcnt;
+	if (id == 0) {
+		die("Overflow in %s identifiers",
+		    (curctx) ? "internal" : "external");
+	}
+	return id;
+}
+
 Type *
 duptype(Type *base)
 {
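Review bot: `newid()` picks the counter from `curctx`, whereas the label path in the `@@ -167,7 +180,7 @@` hunk previously incremented `localcnt` unconditionally. If that path can be reached with `curctx == 0` (not visible here), labels would now draw their ids from `globalcnt`. The overflow test also relies on the incremented `unsigned short` wrapping to 0, which is worth stating above the function, for example `/* ids start at 1; a counter that wraps to 0 means the id space is exhausted */`.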
@@ -144,7 +157,7 @@
 	Type *tp = xmalloc(sizeof(*tp));
 
 	*tp = *base;
-	tp->id = (curctx) ? ++localcnt : ++globalcnt;
+	tp->id = newid();
 	return tp;
 }
 
@@ -167,7 +180,7 @@
 		return sym;
 	if (ns == NS_LABEL) {
 		sym->next = labels;
-		sym->id = ++localcnt;
+		sym->id = newid();
 		return labels = sym;
 	}
 
@@ -263,7 +276,7 @@
 
 assign_id:
 	if (sym->ns != NS_CPP || sym->ns != NS_LABEL)
-		sym->id = (curctx) ? ++localcnt : ++globalcnt;
+		sym->id = newid();
 
 	return sym;
 }
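Review bot: The guard under `assign_id:` is always true, because `sym->ns != NS_CPP || sym->ns != NS_LABEL` cannot be false for any value of `ns`. Every symbol reaching this label therefore takes an id from `newid()`. If the intent is to skip those two namespaces, the test should read `if (sym->ns != NS_CPP && sym->ns != NS_LABEL)`; as written, any such symbols consume ids and bring the counters closer to the new overflow `die()`. The condition is a context line that the commit leaves unchanged, and the function starts outside the hunk.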