From 1048a1839fde97a1bd790b002dad8b79e172724f Mon Sep 17 00:00:00 2001
From: Claire Dross
Date: Thu, 11 Jul 2019 08:02:44 +0000
Subject: [PATCH] [Ada] Memory corruption when using formal hashed sets or maps
Add a check to avoid causing a buffer overflow when the map is empty
2019-07-11 Claire Dross
gcc/ada/
* libgnat/a-cfhama.adb, libgnat/a-cfhase.adb (Free): Do not reset the Has_Element flag if no element is freed.
From-SVN: r273397
---
 gcc/ada/ChangeLog | 5 +++++
 gcc/ada/libgnat/a-cfhama.adb | 7 +++++--
 gcc/ada/libgnat/a-cfhase.adb | 7 +++++--
 3 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/gcc/ada/ChangeLog b/gcc/ada/ChangeLog
index a38990f..2f8ad77 100644
--- a/gcc/ada/ChangeLog
+++ b/gcc/ada/ChangeLog
@@ -1,3 +1,8 @@
+2019-07-11 Claire Dross
+
+ * libgnat/a-cfhama.adb, libgnat/a-cfhase.adb (Free): Do not
+ reset the Has_Element flag if no element is freed.
+
 2019-07-11 Arnaud Charlet
 * errno.c: Remove obsolete support for MaRTE OS.
diff --git a/gcc/ada/libgnat/a-cfhama.adb b/gcc/ada/libgnat/a-cfhama.adb
index 2cdde01..580ca12 100644
--- a/gcc/ada/libgnat/a-cfhama.adb
+++ b/gcc/ada/libgnat/a-cfhama.adb
@@ -509,8 +509,11 @@ is
 procedure Free (HT : in out Map; X : Count_Type) is
 begin
- HT.Nodes (X).Has_Element := False;
- HT_Ops.Free (HT, X);
+ if X /= 0 then
+ pragma Assert (X <= HT.Capacity);
+ HT.Nodes (X).Has_Element := False;
+ HT_Ops.Free (HT, X);
+ end if;
 end Free;
 ----------------------
diff --git a/gcc/ada/libgnat/a-cfhase.adb b/gcc/ada/libgnat/a-cfhase.adb
index ae8ae12..8cc220c 100644
--- a/gcc/ada/libgnat/a-cfhase.adb
+++ b/gcc/ada/libgnat/a-cfhase.adb
@@ -760,8 +760,11 @@ is
 procedure Free (HT : in out Set; X : Count_Type) is
 begin
- HT.Nodes (X).Has_Element := False;
- HT_Ops.Free (HT, X);
+ if X /= 0 then
+ pragma Assert (X <= HT.Capacity);
+ HT.Nodes (X).Has_Element := False;
+ HT_Ops.Free (HT, X);
+ end if;
 end Free;
 ----------------------
--
2.7.4
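Review bot: In `Free` (libgnat/a-cfhama.adb) the upper bound of `X` is covered only by `pragma Assert (X <= HT.Capacity)`, while the lower bound gets a real `if X /= 0` test. If this unit is built with assertions ignored and index checks suppressed (the hunk does not show either way), an `X` above the capacity would still reach `HT.Nodes (X).Has_Element := False` and write outside the node array, which is the same class of corruption the commit title describes. Consider making the bound a run-time condition, for example `if X in 1 .. HT.Capacity then`, or add a comment naming the caller invariant that guarantees `X <= HT.Capacity`. A short comment such as `--  X = 0 means there is no node to free (e.g. the container is empty)` would also explain why zero is now accepted silently. The identical hunk in libgnat/a-cfhase.adb (`Free` on `Set`) has the same point.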