This is the mail archive of the
binutils@sourceware.org
mailing list for the binutils project.
PATCH: off-by-one error in gas/sb.c
- From: Ben Elliston <bje at au1 dot ibm dot com>
- To: binutils at sourceware dot org
- Date: Tue, 2 May 2006 11:45:22 +1000
- Subject: PATCH: off-by-one error in gas/sb.c
While converting an assertion of the form `if (cond) abort ();' to use
assert (), I noticed an off-by-one error in sb_build.
free_list is a variable of type sb_list_vector. An sb_list_vector is
essentially a fixed array of pointers to sb_elements. The dimension
of that array is controlled by sb_max_power_two in sb.h.
The array is indexed by `size' just beneath the assertion, so the
index had better be less than sb_max_power_two, not less than or equal
to it! Okay for mainline?
Ben
Index: sb.c
===================================================================
RCS file: /cvs/src/src/gas/sb.c,v
retrieving revision 1.12
diff -u -p -r1.12 sb.c
--- sb.c 18 May 2005 05:40:07 -0000 1.12
+++ sb.c 2 May 2006 01:38:26 -0000
@@ -66,8 +66,7 @@ sb_build (sb *ptr, int size)
/* See if we can find one to allocate. */
sb_element *e;
- if (size > sb_max_power_two)
- abort ();
+ assert (size < sb_max_power_two);
e = free_list.size[size];
if (!e)