Ticket #432 (Fixed) Sat Jan 21 14:12:51 UTC 2017
cc 5.72 and older: Inlined memset can result in pointer drift
Reported by: Jeffrey Lee (213)
Severity: Major
Part: RISC OS: C/C++ toolchain
Release: (none)
Milestone: (none)
Status: Fixed
Details by Jeffrey Lee (213):
As described in this thread, if the compiler replaces a call to memset(ptr,value,size) with an inline version then there’s a chance that the variable ‘ptr’ will be left pointing at the end of the block instead of the start. This seems to happen whenever ‘size’ becomes too large for the SUB to be able to represent it as an immediate constant.
This bug seems to affect compiler versions from 5.72 to at least as far back as 5.65.
Minimal test case below, textile gods permitting.
#include <stdlib.h>
#include <string.h>

typedef struct {
    int stuff[0x104c0/4];   /* 0x104c0 bytes: not encodable as an ARM immediate */
} player_t;

player_t *new_player(void)
{
    player_t *player = (player_t *) malloc(sizeof(player_t));
    /* Clearing the whole block; the inlined memset is what drifts 'player' */
    memset(player, 0, sizeof(*player));
    player->stuff[123] = 1;  /* uses 'player' after the memset */
    return player;
}
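The report says the drift appears once the block size is too large for a SUB to carry it as an immediate. The following is an added example, not code from the ticket or from the toolchain: `arm_imm_encodable` models the ARM data-processing immediate rule (an 8-bit value rotated right by an even amount), so a reader can check which sizes fall outside it, and `memset_keeps_pointer` is a small regression check in the shape of the ticket's test case that verifies the pointer still addresses the start of the block after the clear. Both function names, and the use of a volatile copy of the pointer to keep the comparison from being folded away, are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Model of the ARM data-processing immediate encoding: v is encodable if
 * some even rotation (0..30) brings all of its set bits into the low 8 bits.
 * This is a host-side check of the rule, not a query of the real assembler. */
bool arm_imm_encodable(uint32_t v)
{
    for (unsigned rot = 0; rot < 32; rot += 2) {
        uint32_t rotl = rot ? ((v << rot) | (v >> (32 - rot))) : v;
        if ((rotl & ~0xFFu) == 0)
            return true;
    }
    return false;
}

/* Same layout as the ticket's test case (constructed here). */
typedef struct {
    int stuff[0x104c0 / 4];
} player_t;

/* Regression check: allocate, clear through the pointer, then confirm the
 * pointer still addresses the start of the block. 'before' is volatile so
 * the compiler must reload it rather than assume it equals 'player'.
 * Returns true on a correct compiler; a drifted pointer returns false. */
bool memset_keeps_pointer(void)
{
    player_t *player = malloc(sizeof *player);
    if (player == NULL)
        return false;
    player_t * volatile before = player;

    memset(player, 0, sizeof *player);

    bool ok = (player == before);
    if (ok) {
        ok = (player->stuff[123] == 0);   /* block really was cleared */
        player->stuff[123] = 1;
        ok = ok && (player->stuff[123] == 1);
    }
    free(before);
    return ok;
}

int main(void)
{
    printf("0x104c0 encodable: %s\n", arm_imm_encodable(0x104c0) ? "yes" : "no");
    printf("0x10400 encodable: %s\n", arm_imm_encodable(0x10400) ? "yes" : "no");
    printf("memset keeps pointer: %s\n", memset_keeps_pointer() ? "yes" : "no");
    return 0;
}
```

On a correct toolchain the second check always passes; its value is as a build-time canary when re-testing older compilers, since the immediate check alone only tells you which struct sizes are at risk.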
Changelog:
Modified by Jeffrey Lee (213) Sat, January 21 2017 - 14:14:01 GMT
- Attachment added: memsetbug
Ugh, textile. Test case attached instead.
Modified by Sprow (202) Sat, January 21 2017 - 14:32:53 GMT
I think this is the same thing I sidestepped here
https://www.riscosopen.org/viewer/view/castle/R…
with cc 5.69. ROOL’s internal ticket number was 262 when I reported it so I guess that’s still open!
Modified by Jeffrey Lee (213) Sun, November 12 2017 - 21:12:57 GMT
- Status changed from Open to Fixed
Believed to be fixed with cc 5.75 / DDE 28