git.ipfire.org Git - thirdparty/gcc.git/commit

author	Eric Botcazou <ebotcazou@adacore.com>
	Wed, 15 Jan 2025 19:37:48 +0000 (20:37 +0100)
committer	Eric Botcazou <ebotcazou@adacore.com>
	Thu, 5 Jun 2025 13:30:59 +0000 (15:30 +0200)
commit	09b0aacb5fce94199b269a9a37b697899f5a1ab3
tree	21c9711001b547bab0b80579e7e773484a99f2b0	tree \| snapshot
parent	5738c9b74bd77821b6c7438ea4e5fa1853d3f07a	commit \| diff

ada: Fix buffer overflow for function call returning discriminated limited record

This occurs when the discriminated limited record type is declared with
default values for its discriminants, is not controlled, and the context
of the call is anonymous, i.e. the result of the call is not assigned
to an object. In this case, a temporary is created to hold the result
of the call, with the default values of the discriminants, but the result
may have different values for the discriminants and, in particular, may
be larger than the temporary, which leads to a buffer overflow.

This problem does not occur when the context is an object declaration, so
the fix just makes sure that the expansion in an anonymous context always
uses the model of an object declaration. It requires a minor tweak to the
helper function Entity_Of of the Sem_Util package.

gcc/ada/ChangeLog:

* exp_ch6.adb (Expand_Actuals): Remove obsolete comment.
(Make_Build_In_Place_Call_In_Anonymous_Context): Always use a proper
object declaration initialized with the function call in the cases
where a temporary is needed, with Assignment_OK set on it.
* sem_util.adb (Entity_Of): Deal with rewritten function call first.

gcc/ada/exp_ch6.adb		diff \| blob \| blame \| history
gcc/ada/sem_util.adb		diff \| blob \| blame \| history