[Ada] Integer overflow in SS_Allocate
This patch imposes a new check and rewrites existing ones to ensure operations
involving SS_Ptr do not cause an Integer overflow. The Default_Sec_Stack_Size
function was removed in the process to simplify System.Parameter.
SS_Ptr was derived from the integer System.Parameters.Size_Type to ease the
creation of objects of type SS_Stack by the binder and imposes a maximum
secondary stack size of 2GB. In most cases, the user will not hit this limit as
they cannot specify task stack sizes of more than 2GB via the Storage_Size and
Secondary_Stack_Size pragmas. Additionally, most operating systems limit the
primary stack size to less than 2GB, with defaults under 10MB. Linux is the
rare exception where the user can unbound the primary stack.
Executing the following:
gnatmake -q overflow
./overflow
must yield:
raised STORAGE_ERROR : s-secsta.adb:140 explicit raise
-- overflow.adb:
with String_Pack;
procedure Overflow is
begin
   null;
end Overflow;

-- string_pack.ads:
package String_Pack is
   function Return_Big_String return String;
end String_Pack;

-- string_pack.adb:
with Ada.Strings.Fixed; use Ada.Strings.Fixed;
package body String_Pack is
   function Return_Big_String return String is
   begin
      --  Builds a String of Integer'Last characters; the unconstrained
      --  result is returned on the secondary stack.
      return Integer'Last * "P";
   end Return_Big_String;

   --  Elaborating S calls Return_Big_String, so the oversized secondary
   --  stack allocation happens at package elaboration time.
   S : String := Return_Big_String;
end String_Pack;
2018-01-11 Patrick Bernardi <bernardi@adacore.com>
gcc/ada/
	* libgnat/s-parame*.adb, libgnat/s-parame*.ads: Remove unneeded
	Default_Sec_Stack_Size.
	* libgnat/s-secsta.adb (SS_Allocate): Handle the fixed secondary stack
	limit check so that the integer index does not overflow. Check the
	dynamic stack allocation does not cause the secondary stack pointer to
	overflow.
	(SS_Info): Align colons.
	(SS_Init): Cover the case when bootstrapping with an old compiler that
	does not set Default_SS_Size.
From-SVN: r256492
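The class of bug this patch closes is a bounds check written as "pointer + size > limit", which silently wraps when the sum exceeds the integer's range and so lets an oversized request through. The C model below is an added illustration, not code from GCC or from this patch: fits_naive_wrapping reproduces how such a check behaves when a 32-bit signed addition wraps, and fits_safe shows the overflow-free form that compares the request against the remaining room (limit - ptr). The names ptr, size and limit stand in for the secondary stack index, the requested size and the stack top, and the sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a stack allocator's bounds check.  'ptr' is the
   current 32-bit stack index, 'size' the requested allocation, 'limit'
   the top of the stack.  Not the libgnat code. */

/* Naive form: compute ptr + size first, then compare.  The exact sum is
   computed in 64 bits and then explicitly wrapped to model what a 32-bit
   Integer addition does when its overflow check is suppressed.  A huge
   request wraps negative and is wrongly reported as fitting. */
bool fits_naive_wrapping(int32_t ptr, int32_t size, int32_t limit)
{
    int64_t sum = (int64_t)ptr + (int64_t)size;      /* exact result */
    if (sum > INT32_MAX)                               /* two's-complement wrap */
        sum -= (int64_t)1 << 32;
    return sum <= limit;
}

/* Overflow-safe form: validate the operands, then compare the request
   against the remaining room.  limit - ptr cannot overflow because
   0 <= ptr <= limit is established first. */
bool fits_safe(int32_t ptr, int32_t size, int32_t limit)
{
    if (size < 0 || ptr < 0 || ptr > limit)
        return false;
    return size <= limit - ptr;
}

int main(void)
{
    const int32_t limit = 4096;   /* constructed: 4 KiB secondary stack */
    const int32_t ptr = 100;      /* constructed: 100 bytes already in use */
    const int32_t requests[] = { 1000, 3996, 3997, INT32_MAX };

    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++) {
        printf("request %11d: naive=%s safe=%s\n", requests[i],
               fits_naive_wrapping(ptr, requests[i], limit) ? "fits" : "reject",
               fits_safe(ptr, requests[i], limit) ? "fits" : "reject");
    }
    return 0;
}
```

Both checks agree on ordinary requests; they differ only when ptr + size leaves the 32-bit range, which is exactly the case the Integer'Last * "P" reproducer above exercises. Rewriting the comparison so that the subtraction is done on the side already known to be in range is the general fix, independent of language.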