Re: [hatari-devel] regression in debugger / disasm ? -> tricky out of limit memory access



Hi,

On Wednesday 25 December 2013, Nicolas Pomarède wrote:
> After a lot of printf to try to follow the instruction flow, I saw these
> lines around 2420 :
> 
>           // does another operand follow => add separator
>           if(ots->op[i+1] != ofNone)
>                *dbuf++ = ',';
> 
> The problem is that when i=4, we test op[5], which is outside of the
> limit. In that case, a ',' is added to dbuf ; but dbuf is very large, we
> should not overwrite anything, so I don't see why it alters the
> processing of the for loop... (certainly the way gcc handles the stack
> for local variables or something like that)
> 
> Still, by doing :
> 
>          if ( (i+1<5) && ( ots->op[i+1] != ofNone) )
>                    *dbuf++ = ',';
> 
> Then everything works again as before ; so I will commit a patch to this
> later.

Accessing arrays outside of bounds is invalid C.
The compiler is free to do whatever it wants with code that
can do such things.

http://en.wikipedia.org/wiki/Undefined_behavior
http://blog.llvm.org/2011/05/what-every-c-programmer-should-know.html


> In the meantime, if someone wants to try with mudflap or similar tools
> to see if an access error is reported with proper debugging flags, it
> could be interesting to see (is this error really detected by mudflap or
> others ?)


	- Eero
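The loop above, with the bound check Nicolas describes, as an added example written for this page; it is not Hatari's disasm.c, and the names `optable`, `opflags`, `MAX_OPERANDS`, `has_next_operand` and `format_operands` are assumptions chosen for illustration. The `5` in `i+1<5` becomes `MAX_OPERANDS`, the size of the `op[]` array, and the separator test is isolated in `has_next_operand()` so the boundary case (last slot filled, nothing after it) can be exercised directly. The struct deliberately has a field after `op[]`: an over-read of `op[MAX_OPERANDS]` lands on `size`, inside the same object, which is exactly the kind of undefined behaviour the compiler may exploit and that a heap/stack checker does not see.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_OPERANDS 5   /* the "5" in the quoted fix: op[] has 5 slots */

/* Assumed operand kinds; ofNone marks an unused slot as in the quoted code. */
typedef enum { ofNone = 0, ofReg, ofImm, ofMem } opflags;

/* Assumed table entry. 'size' follows op[] on purpose: reading
 * op[MAX_OPERANDS] stays inside the struct, so AddressSanitizer has no
 * redzone to trip on, yet the read is still undefined behaviour. */
typedef struct {
    const char *mnemonic;
    opflags op[MAX_OPERANDS];
    int size;
} optable;

/* The separator test from the quoted patch: the (i+1 < MAX_OPERANDS) part
 * is what keeps the read inside op[]. Returns 1 if operand i is followed
 * by another operand, 0 otherwise, without ever touching op[MAX_OPERANDS]. */
int has_next_operand(const optable *ots, size_t i)
{
    return (i + 1 < MAX_OPERANDS) && ots->op[i + 1] != ofNone;
}

static const char *operand_text(opflags f)
{
    switch (f) {
    case ofReg: return "Dn";
    case ofImm: return "#imm";
    case ofMem: return "(An)";
    default:    return "";
    }
}

/* Renders "mnemonic op1,op2,..." into dbuf. Returns the number of
 * characters written, or -1 if dbuf is too small: the quoted code relies
 * on dbuf being "very large", this version checks the length instead. */
int format_operands(const optable *ots, char *dbuf, size_t dbuflen)
{
    int n = snprintf(dbuf, dbuflen, "%s ", ots->mnemonic);
    if (n < 0 || (size_t)n >= dbuflen)
        return -1;
    size_t pos = (size_t)n;

    for (size_t i = 0; i < MAX_OPERANDS && ots->op[i] != ofNone; i++) {
        /* does another operand follow => add separator (bounded) */
        n = snprintf(dbuf + pos, dbuflen - pos, "%s%s",
                     operand_text(ots->op[i]),
                     has_next_operand(ots, i) ? "," : "");
        if (n < 0 || (size_t)n >= dbuflen - pos)
            return -1;
        pos += (size_t)n;
    }
    return (int)pos;
}

/* Constructed sample entries, not taken from Hatari's tables. */
const optable sample_two  = { "move", { ofReg, ofMem, ofNone, ofNone, ofNone }, 2 };
const optable sample_five = { "fake", { ofReg, ofReg, ofReg, ofReg, ofReg }, 4 };

int main(void)
{
    char buf[64];
    format_operands(&sample_two, buf, sizeof buf);
    puts(buf);                      /* move Dn,(An) */
    format_operands(&sample_five, buf, sizeof buf);
    puts(buf);                      /* fake Dn,Dn,Dn,Dn,Dn */
    return 0;
}
```

On the tooling question: if the unbounded `ots->op[i+1]` is reintroduced, `-fsanitize=address` will usually stay silent for this particular bug, because the read lands on the neighbouring field (or the next element of an array of entries) rather than on a redzone. `-fsanitize=bounds` (UBSan's array-bounds check, which instruments indexing into arrays whose size is known at compile time) is the one that reports `index 5 out of bounds for type 'opflags[5]'`, with the caveat that compilers may skip a trailing array member on the assumption that it is a flexible array, so put the check on a non-trailing member or use the compiler's strict option for that.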


