This is the mail archive of the mailing list for the binutils project.


PATCH: off-by-one error in gas/sb.c

While converting an assertion of the form `if (cond) abort ();' to use
assert (), I noticed an off-by-one error in sb_build.

free_list is a variable of type sb_list_vector.  An sb_list_vector is
essentially a fixed array of pointers to sb_elements.  The dimension
of that array is controlled by sb_max_power_two in sb.h.

The array is indexed by `size' just beneath the assertion, so the
index had better be less than sb_max_power_two, not less than or equal
to it!  Okay for mainline?


Index: sb.c
RCS file: /cvs/src/src/gas/sb.c,v
retrieving revision 1.12
diff -u -p -r1.12 sb.c
--- sb.c        18 May 2005 05:40:07 -0000      1.12
+++ sb.c        2 May 2006 01:38:26 -0000
@@ -66,8 +66,7 @@ sb_build (sb *ptr, int size)
   /* See if we can find one to allocate.  */
   sb_element *e;
-  if (size > sb_max_power_two)
-    abort ();
+  assert (size < sb_max_power_two);
   e = free_list.size[size];
   if (!e)
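
Review bot: the new `assert (size < sb_max_power_two);` bounds `size` only from above, and `size` is a signed `int` per the `sb_build (sb *ptr, int size)` signature in the hunk header, so a negative value would still reach `free_list.size[size]` on the following line. Consider `assert (size >= 0 && size < sb_max_power_two);`. Separately, the removed `abort ()` was unconditional; if `assert` here is the standard `<assert.h>` macro, the check disappears when `NDEBUG` is defined, so it is worth confirming that the bound is still enforced in non-debug builds.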
