From: Claire Dross Date: Thu, 11 Jul 2019 08:02:44 +0000 (+0000) Subject: [Ada] Memory corruption when using formal hashed sets or maps X-Git-Tag: misc/cutover-git~4051 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1048a1839fde97a1bd790b002dad8b79e172724f;p=thirdparty%2Fgcc.git [Ada] Memory corruption when using formal hashed sets or maps Add a check to avoid causing a buffer overflow when the map is empty 2019-07-11 Claire Dross gcc/ada/ * libgnat/a-cfhama.adb, libgnat/a-cfhase.adb (Free): Do not reset the Has_Element flag if no element is freed. From-SVN: r273397 --- diff --git a/gcc/ada/ChangeLog b/gcc/ada/ChangeLog index a38990f3b452..2f8ad77e5405 100644 --- a/gcc/ada/ChangeLog +++ b/gcc/ada/ChangeLog @@ -1,3 +1,8 @@ +2019-07-11 Claire Dross + + * libgnat/a-cfhama.adb, libgnat/a-cfhase.adb (Free): Do not + reset the Has_Element flag if no element is freed. + 2019-07-11 Arnaud Charlet * errno.c: Remove obsolete support for MaRTE OS. diff --git a/gcc/ada/libgnat/a-cfhama.adb b/gcc/ada/libgnat/a-cfhama.adb index 2cdde0182506..580ca12671fc 100644 --- a/gcc/ada/libgnat/a-cfhama.adb +++ b/gcc/ada/libgnat/a-cfhama.adb @@ -509,8 +509,11 @@ is procedure Free (HT : in out Map; X : Count_Type) is begin - HT.Nodes (X).Has_Element := False; - HT_Ops.Free (HT, X); + if X /= 0 then + pragma Assert (X <= HT.Capacity); + HT.Nodes (X).Has_Element := False; + HT_Ops.Free (HT, X); + end if; end Free; ---------------------- diff --git a/gcc/ada/libgnat/a-cfhase.adb b/gcc/ada/libgnat/a-cfhase.adb index ae8ae128e104..8cc220c17d5a 100644 --- a/gcc/ada/libgnat/a-cfhase.adb +++ b/gcc/ada/libgnat/a-cfhase.adb @@ -760,8 +760,11 @@ is procedure Free (HT : in out Set; X : Count_Type) is begin - HT.Nodes (X).Has_Element := False; - HT_Ops.Free (HT, X); + if X /= 0 then + pragma Assert (X <= HT.Capacity); + HT.Nodes (X).Has_Element := False; + HT_Ops.Free (HT, X); + end if; end Free; ----------------------