diagnostics: fix crash when consolidating out-of-order fix-it hints (PR c/81405)

Programming / Compilers / GCC - dmalcolm [138bc75d-0d04-0410-961f-82ee72b054a4] - 13 July 2017 15:30 EDT

PR c/81405 identifies a crash when printing fix-it hints from
-Wmissing-braces when there are excess elements.

The fix-it hints are bogus (which I've filed separately as PR c/81432), but they lead to a crash within the fix-it consolidation logic I added in r247548, in line_corrections::add_hint.

The root cause is that some of the fix-it hints are out-of-order with respect to the column numbers they affect, which can lead to negative
values when computing the gap between the fix-it hints, leading to bogus memcpy calls that generate out-of-bounds buffer accesses.

The fix is to sort the fix-it hints after filtering them, ensuring that the gap >= 0. The patch also adds numerous assertions to the code, both directly, and by moving the memcpy calls and their args behind interfaces (themselves containing gcc_assert).

This fixes the crash; it doesn't fix the bug in -Wmissing-braces that leads to the bogus hints.

gcc/ChangeLog: PR c/81405
- diagnostic-show-locus.c (fixit_cmp): New function.
  (layout::layout): Sort m_fixit_hints.
  (column_range::column_range): Assert that the values are valid.
  (struct char_span): New struct.
  (correction::overwrite): New method.
  (struct source_line): New struct.
  (line_corrections::add_hint): Add assertions. Reimplement memcpy calls in terms of classes source_line and char_span, and correction::overwrite.
  (selftest::test_overlapped_fixit_printing_2): New function.
  (selftest::diagnostic_show_locus_c_tests): Call it.

gcc/testsuite/ChangeLog: PR c/81405
- gcc.dg/Wmissing-braces-fixits.c: Add coverage for PR c/81405.

f907f13 diagnostics: fix crash when consolidating out-of-order fix-it hints (PR c/81405)
gcc/ChangeLog | 17 ++-
gcc/diagnostic-show-locus.c | 193 ++++++++++++++++++++++++--
gcc/testsuite/ChangeLog | 7 +-
gcc/testsuite/gcc.dg/Wmissing-braces-fixits.c | 25 ++++
4 files changed, 227 insertions(+), 15 deletions(-)

Upstream: gcc.gnu.org
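
The failure mode and fix described in the commit message, as an added example that is not code from the GCC patch: a simplified C model in which the gap between consecutive fix-it hints goes negative when the hints are out of order, and in which sorting first and validating every span before the copy prevents the out-of-bounds access. The `hint` struct, `hint_cmp`, `append_span`, `apply_hints` and the sample line are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model: replace columns [start, finish) of a line with text. */
struct hint { long start; long finish; const char *text; };

static int hint_cmp(const void *a, const void *b)
{
    const struct hint *x = a, *y = b;
    return (x->start > y->start) - (x->start < y->start);
}

/* Checked stand-in for a raw memcpy: append src[off, off+len) to dst.
   Returns -1 instead of copying when the span or the destination is invalid. */
static int append_span(char *dst, size_t cap, size_t *used,
                       const char *src, size_t src_len, long off, long len)
{
    if (off < 0 || len < 0 || (size_t)off + (size_t)len > src_len)
        return -1;                      /* a negative gap is caught here */
    if (*used + (size_t)len >= cap)
        return -1;                      /* keep room for the terminator */
    memcpy(dst + *used, src + off, (size_t)len);
    *used += (size_t)len;
    dst[*used] = '\0';
    return 0;
}

/* Build the corrected line. With do_sort == 0 the hints are consumed in the
   caller's order, which is the situation the commit message describes. */
int apply_hints(const char *line, struct hint *h, size_t n, int do_sort,
                char *out, size_t cap)
{
    size_t used = 0, line_len = strlen(line);
    long pos = 0;                       /* next unconsumed source column */
    if (cap == 0) return -1;
    out[0] = '\0';
    if (do_sort)
        qsort(h, n, sizeof *h, hint_cmp);
    for (size_t i = 0; i < n; i++) {
        long gap = h[i].start - pos;    /* < 0 if hints are out of order */
        if (h[i].finish < h[i].start
            || append_span(out, cap, &used, line, line_len, pos, gap)
            || append_span(out, cap, &used, h[i].text, strlen(h[i].text),
                           0, (long)strlen(h[i].text)))
            return -1;
        pos = h[i].finish;
    }
    return append_span(out, cap, &used, line, line_len, pos, (long)line_len - pos);
}
```

Sorting handles out-of-order hints; hints that still overlap after sorting also produce a negative gap, and the span check rejects them.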

