[5/8] Fix latent bug in msp430-tdep.c

Message ID	20180923040814.27941-6-tom@tromey.com
State	New, archived
Headers	Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk Sender: gdb-patches-owner@sourceware.org From: Tom Tromey <tom@tromey.com> To: gdb-patches@sourceware.org Cc: Tom Tromey <tom@tromey.com> Subject: [PATCH 5/8] Fix latent bug in msp430-tdep.c Date: Sat, 22 Sep 2018 22:08:11 -0600 Message-Id: <20180923040814.27941-6-tom@tromey.com> In-Reply-To: <20180923040814.27941-1-tom@tromey.com> References: <20180923040814.27941-1-tom@tromey.com>

Message ID

20180923040814.27941-6-tom@tromey.com

State

New, archived

Headers

Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: gdb-patches-owner@sourceware.org
From: Tom Tromey <tom@tromey.com>
To: gdb-patches@sourceware.org
Cc: Tom Tromey <tom@tromey.com>
Subject: [PATCH 5/8] Fix latent bug in msp430-tdep.c
Date: Sat, 22 Sep 2018 22:08:11 -0600
Message-Id: <20180923040814.27941-6-tom@tromey.com>
In-Reply-To: <20180923040814.27941-1-tom@tromey.com>
References: <20180923040814.27941-1-tom@tromey.com>

Commit Message

Tom Tromey Sept. 23, 2018, 4:08 a.m. UTC

  -Wshadow=local found this latent bug.  msp430-tdep.c does:

    const gdb_byte *arg_bits;
    {
      /* Aggregates of any size are passed by reference.  */
      gdb_byte struct_addr[4];
[...
      arg_bits = struct_addr;
    }
    ... use arg_bits

Here, arg_bits can point to an object that's gone out of scope.

The fix is to hoist the inner "struct_addr" buffer to an outer scope,
and rename it to avoid shadowing.

gdb/ChangeLog
2018-09-22  Tom Tromey  <tom@tromey.com>

	* msp430-tdep.c (msp430_push_dummy_call): Rename inner
	"structs_addr" and hoist declaration.
---
 gdb/ChangeLog     | 5 +++++
 gdb/msp430-tdep.c | 7 +++----
 2 files changed, 8 insertions(+), 4 deletions(-)

Comments

Kevin Buettner Oct. 12, 2018, 4:10 a.m. UTC | #1

On Sat, 22 Sep 2018 22:08:11 -0600
Tom Tromey <tom@tromey.com> wrote:

> -Wshadow=local found this latent bug.  msp430-tdep.c does:
> 
>     const gdb_byte *arg_bits;
>     {
>       /* Aggregates of any size are passed by reference.  */
>       gdb_byte struct_addr[4];
> [...
>       arg_bits = struct_addr;
>     }
>     ... use arg_bits
> 
> Here, arg_bits can point to an object that's gone out of scope.
> 
> The fix is to hoist the inner "struct_addr" buffer to an outer scope,
> and rename it to avoid shadowing.
> 
> gdb/ChangeLog
> 2018-09-22  Tom Tromey  <tom@tromey.com>
> 
> 	* msp430-tdep.c (msp430_push_dummy_call): Rename inner
> 	"structs_addr" and hoist declaration.

LGTM.

Kevin

diff mbox

Patch

diff --git a/gdb/msp430-tdep.c b/gdb/msp430-tdep.c
index b6e062a380..427f58c0ed 100644
--- a/gdb/msp430-tdep.c
+++ b/gdb/msp430-tdep.c
@@ -715,6 +715,7 @@  msp430_push_dummy_call (struct gdbarch *gdbarch, struct value *function,
 	  ULONGEST arg_size = TYPE_LENGTH (arg_type);
 	  int offset;
 	  int current_arg_on_stack;
+	  gdb_byte struct_addr_buf[4];
 
 	  current_arg_on_stack = 0;
 
@@ -722,11 +723,9 @@  msp430_push_dummy_call (struct gdbarch *gdbarch, struct value *function,
 	      || TYPE_CODE (arg_type) == TYPE_CODE_UNION)
 	    {
 	      /* Aggregates of any size are passed by reference.  */
-	      gdb_byte struct_addr[4];
-
-	      store_unsigned_integer (struct_addr, 4, byte_order,
+	      store_unsigned_integer (struct_addr_buf, 4, byte_order,
 				      value_address (arg));
-	      arg_bits = struct_addr;
+	      arg_bits = struct_addr_buf;
 	      arg_size = (code_model == MSP_LARGE_CODE_MODEL) ? 4 : 2;
 	    }
 	  else