From dbeb4faf21597914534c791f2ca63d3ed7427810 Mon Sep 17 00:00:00 2001
From: Kirill Smelkov
Date: Sun, 9 Dec 2012 19:30:28 +0400
Subject: [PATCH] lib/bcheck: Fix code typo in __bound_delete_region()

We were calling get_page() with a t2 index, which is not correct, since get_page() operates on t1 indices.

The bug has been here from day one, from 60f781c4 (first version of the bounds checker), and shows as a crash in __bound_delete_region() at program exit:

    $ ./tcc -B. -DTCC_TARGET_I386 -DCONFIG_MULTIARCHDIR=\"i386-linux-gnu\" -b -run -DONE_SOURCE \
      ./tcc.c -B. -DTCC_TARGET_I386 -DCONFIG_MULTIARCHDIR=\"i386-linux-gnu\" -run -DONE_SOURCE \
      ./tcc.c -B. -run tests/tcctest.c

    (lots of correct output from tcctest)

    Runtime error: dereferencing invalid pointer at 0xa7c21cc4
    __bound_delete_region() by (nil) ???
    Segmentation fault

The fix is simple: the last page should be got through t1_end, like it is done in __bound_new_region().

After this patch, tcc is able to compile itself with -b, then compile itself again and run tcctest with correct output.

Tests follow.
---
 lib/bcheck.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/bcheck.c b/lib/bcheck.c
index ea5b233f..00b90fea 100644
--- a/lib/bcheck.c
+++ b/lib/bcheck.c
@@ -613,7 +613,7 @@ int __bound_delete_region(void *p) } } /* last page */ - page = get_page(t2_end); + page = get_page(t1_end); e2 = (BoundEntry *)((char *)page + t2_end); for(e=page;estart = 0;
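Review bot: the one-line change is consistent with the context that follows it, where `e2 = (BoundEntry *)((char *)page + t2_end);` uses t2_end as a byte offset within the page, so selecting the page by t1_end and offsetting by t2_end now matches the "last page" handling the message says __bound_new_region() already uses; but the message promises "Tests follow" while this patch carries no test, so either the -b self-compile and tcctest run described above should be added as a regression test in the same series, or the message should say which follow-up commit adds it. Since passing a t2 value to a t1-indexed lookup went unnoticed from the first version of the checker until a crash at exit, it is also worth a quick grep of lib/bcheck.c for any other get_page() call that takes a t2 index rather than a t1 one before this is applied.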