URL: <http://savannah.gnu.org/bugs/?28748>
Summary: "matches" array is improperly sized in implicit.c:pattern_search()
Project: make
Submitted by: None
Submitted on: Thu 28 Jan 2010 12:10:50 AM UTC
Severity: 3 - Normal
Item Group: Bug
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Component Version: 3.81
Operating System: Any
Fixed Release: None
Triage Status: None

_______________________________________________________

Details:

We just discovered that the bug described in the following e-mail thread (obtained by Googling "num_pattern_rules") exists in GNU Make 3.81 and was causing it to crash on Windows due to attempting to access memory off the end of the "matches" array. Note that both issues described below (sizing of "matches" and "checked_lastslash") are still incorrect in the 3.81 code base. Applying the suggested fixes eliminated the crashes, and a careful reading/analysis of the code has convinced us of the correctness of the proposed change.

==========

Hi,

This bug also affects the variable checked_lastslash. The fix for this is to change lines 137-138 of implicit.c to:

    char *checked_lastslash = (char *) alloca (num_pattern_rules * max_pattern_targets * sizeof (char));

Regards,
Ian

--
Ian Willis
Digital Broadcast Systems
Philips Semiconductors Systems Laboratory, Southampton
email: [EMAIL PROTECTED]
tel: +44 (0)23 80702701

---------------------- Forwarded by Ian Willis/SOU/SC/PHILIPS on 11/07/2001 15:22 ---------------------------

Ian Willis 11/07/2001 14:00
To: [EMAIL protect...@smtp@EMEA2
cc:
Subject: implicit.c matches not allocated enough memory
Classification: Unclassified

Hi,

I believe I have found a bug in make version 3.79.1. I am running on Sparc/Solaris 8. This bug exists in the distribution of GNU make with Solaris 8 (version 3.78.1) and in the compiled binary package available at www.sunfreeware.com (3.79.1).

With a particular set of makefiles, I get a Segmentation Violation. I have traced this to the pattern_search function of implicit.c, line 133. This line allocates memory for storing rule match indices. Since a rule may be included in tryrules multiple times (see comment on line 277), it is possible that more than num_pattern_rules elements are stored in matches. In my case, nrules was being set to 17 whilst num_pattern_rules was set to 16. Setting matches[16] was overwriting tryrules[0].

I believe that lines 132-133 should be replaced with:

    unsigned int *matches = (unsigned int *) alloca (num_pattern_rules * max_pattern_targets * sizeof (unsigned int));

This is similar to the allocation of tryrules (which has the same number of elements as matches). With this fix I am able to make my project successfully.

I am working on a large project and am unable to extract all makefiles from it as an example.

Regards,
Ian

--
Ian Willis
Digital Broadcast Systems
Philips Semiconductors Systems Laboratory, Southampton
email: [EMAIL PROTECTED]
tel: +44 (0)23 80702701

_______________________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

_______________________________________________
Bug-make mailing list
Bug-make@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-make
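The following is an added, self-contained C model of the sizing problem described in the report above; it is not code from GNU Make and does not use its real data structures. It assumes a toy rule type (`struct toy_rule`, hypothetical) in which each rule carries several '%' target patterns, mirrors how a rule is pushed onto the candidate list once per matching target, and shows that the candidate count can exceed `num_pattern_rules` while never exceeding `num_pattern_rules * max_pattern_targets`, the capacity the proposed fix uses. The collector also bounds-checks the destination buffer instead of writing past it, which is what turned the undersized `alloca` into a crash in the report.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical toy rule: up to MAX_TARGETS '%' patterns, NULL-terminated. */
#define MAX_TARGETS 3
struct toy_rule {
    const char *targets[MAX_TARGETS];
};

/* Constructed sample rules (not from any real makefile).  For "libfoo.o",
   rule 0 matches twice, rule 1 matches twice, rule 2 not at all. */
const struct toy_rule toy_rules[] = {
    { { "%.o", "lib%.o", NULL } },
    { { "%.o", "%",      NULL } },
    { { "%.c", NULL,     NULL } },
};
const size_t toy_num_rules = sizeof toy_rules / sizeof toy_rules[0];

/* Match a single-'%' wildcard pattern the way make's target patterns do:
   the text before '%' must be a prefix and the text after it a suffix. */
static int pattern_matches(const char *pat, const char *name)
{
    const char *pct = strchr(pat, '%');
    size_t plen = strlen(pat), nlen = strlen(name);
    if (!pct)
        return strcmp(pat, name) == 0;
    size_t prefix = (size_t)(pct - pat);
    size_t suffix = plen - prefix - 1;
    if (nlen < prefix + suffix)
        return 0;
    return strncmp(pat, name, prefix) == 0 &&
           strcmp(pct + 1, name + nlen - suffix) == 0;
}

/* Largest number of target patterns on any rule: make's max_pattern_targets. */
size_t max_pattern_targets(const struct toy_rule *rules, size_t num_pattern_rules)
{
    size_t best = 0;
    for (size_t r = 0; r < num_pattern_rules; r++) {
        size_t t = 0;
        while (t < MAX_TARGETS && rules[r].targets[t])
            t++;
        if (t > best)
            best = t;
    }
    return best;
}

/* Capacity the old code reserved for `matches` (one slot per rule) versus
   the capacity the report's fix reserves (one slot per rule per target). */
size_t old_matches_capacity(size_t num_pattern_rules)
{
    return num_pattern_rules;
}
size_t fixed_matches_capacity(size_t num_pattern_rules, size_t max_targets)
{
    return num_pattern_rules * max_targets;
}

/* Push the rule index once per matching target pattern, as the report says
   pattern_search does, but refuse to write past `capacity`.  Returns the
   number of entries written, or -1 if the buffer is too small (the case
   that, unchecked, overwrote tryrules[0] in the report). */
long collect_matches(const struct toy_rule *rules, size_t num_pattern_rules,
                     const char *filename, unsigned int *matches, size_t capacity)
{
    size_t n = 0;
    for (size_t r = 0; r < num_pattern_rules; r++) {
        for (size_t t = 0; t < MAX_TARGETS && rules[r].targets[t]; t++) {
            if (!pattern_matches(rules[r].targets[t], filename))
                continue;
            if (n >= capacity)
                return -1;            /* would overflow: stop instead of corrupting memory */
            matches[n++] = (unsigned int)r;
        }
    }
    return (long)n;
}

int main(void)
{
    unsigned int buf[16];
    size_t mt = max_pattern_targets(toy_rules, toy_num_rules);
    printf("old capacity %zu, fixed capacity %zu\n",
           old_matches_capacity(toy_num_rules), fixed_matches_capacity(toy_num_rules, mt));
    printf("with old capacity: %ld\n",
           collect_matches(toy_rules, toy_num_rules, "libfoo.o", buf, old_matches_capacity(toy_num_rules)));
    printf("with fixed capacity: %ld\n",
           collect_matches(toy_rules, toy_num_rules, "libfoo.o", buf, fixed_matches_capacity(toy_num_rules, mt)));
    return 0;
}
```

With the three constructed rules, "libfoo.o" produces four candidate entries for only three rules, so a buffer sized by `num_pattern_rules` alone is one short, exactly the 17-versus-16 situation in the report, while `num_pattern_rules * max_pattern_targets` (six here) always suffices because no rule can be pushed more times than it has target patterns.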