[Ada] Memory corruption when using formal hashed sets or maps

Add a check to avoid causing a buffer overflow when the map is empty

2019-07-11  Claire Dross  <dross@adacore.com>

gcc/ada/

	* libgnat/a-cfhama.adb, libgnat/a-cfhase.adb (Free): Do not
	reset the Has_Element flag if no element is freed.

From-SVN: r273397

diff --git a/gcc/ada/ChangeLog b/gcc/ada/ChangeLog
index a38990f..2f8ad77 100644 (file)
--- a/gcc/ada/ChangeLog
+++ b/gcc/ada/ChangeLog
@@ -1,3 +1,8 @@
+2019-07-11  Claire Dross  <dross@adacore.com>
+
+       * libgnat/a-cfhama.adb, libgnat/a-cfhase.adb (Free): Do not
+       reset the Has_Element flag if no element is freed.
+
 2019-07-11  Arnaud Charlet  <charlet@adacore.com>
 
        * errno.c: Remove obsolete support for MaRTE OS.

diff --git a/gcc/ada/libgnat/a-cfhama.adb b/gcc/ada/libgnat/a-cfhama.adb
index 2cdde01..580ca12 100644 (file)
--- a/gcc/ada/libgnat/a-cfhama.adb
+++ b/gcc/ada/libgnat/a-cfhama.adb
@@ -509,8 +509,11 @@ is
 
    procedure Free (HT : in out Map; X : Count_Type) is
    begin
-      HT.Nodes (X).Has_Element := False;
-      HT_Ops.Free (HT, X);
+      if X /= 0 then
+         pragma Assert (X <= HT.Capacity);
+         HT.Nodes (X).Has_Element := False;
+         HT_Ops.Free (HT, X);
+      end if;
    end Free;
 
    ----------------------

diff --git a/gcc/ada/libgnat/a-cfhase.adb b/gcc/ada/libgnat/a-cfhase.adb
index ae8ae12..8cc220c 100644 (file)
--- a/gcc/ada/libgnat/a-cfhase.adb
+++ b/gcc/ada/libgnat/a-cfhase.adb
@@ -760,8 +760,11 @@ is
 
    procedure Free (HT : in out Set; X : Count_Type) is
    begin
-      HT.Nodes (X).Has_Element := False;
-      HT_Ops.Free (HT, X);
+      if X /= 0 then
+         pragma Assert (X <= HT.Capacity);
+         HT.Nodes (X).Has_Element := False;
+         HT_Ops.Free (HT, X);
+      end if;
    end Free;
 
    ----------------------