[Ada] Memory corruption when using formal hashed sets or maps

Add a check to avoid causing a buffer overflow when the map is empty

2019-07-11  Claire Dross  <dross@adacore.com>

gcc/ada/

	* libgnat/a-cfhama.adb, libgnat/a-cfhase.adb (Free): Do not
	reset the Has_Element flag if no element is freed.

From-SVN: r273397

diff --git a/gcc/ada/ChangeLog b/gcc/ada/ChangeLog
index a38990f3b452172f05e1cbfbbfe824e46b64b276..2f8ad77e5405f3ed649f8ef650e4c3d2dddd5852 100644 (file)
--- a/gcc/ada/ChangeLog
+++ b/gcc/ada/ChangeLog
@@ -1,3 +1,8 @@
+2019-07-11  Claire Dross  <dross@adacore.com>
+
+       * libgnat/a-cfhama.adb, libgnat/a-cfhase.adb (Free): Do not
+       reset the Has_Element flag if no element is freed.
+
 2019-07-11  Arnaud Charlet  <charlet@adacore.com>
 
        * errno.c: Remove obsolete support for MaRTE OS.

diff --git a/gcc/ada/libgnat/a-cfhama.adb b/gcc/ada/libgnat/a-cfhama.adb
index 2cdde01825069ecf1a56af5b8912a7ba748f4812..580ca12671fc8de3eb1e48dce6605ce677e5d6db 100644 (file)
--- a/gcc/ada/libgnat/a-cfhama.adb
+++ b/gcc/ada/libgnat/a-cfhama.adb
@@ -509,8 +509,11 @@ is
 
    procedure Free (HT : in out Map; X : Count_Type) is
    begin
-      HT.Nodes (X).Has_Element := False;
-      HT_Ops.Free (HT, X);
+      if X /= 0 then
+         pragma Assert (X <= HT.Capacity);
+         HT.Nodes (X).Has_Element := False;
+         HT_Ops.Free (HT, X);
+      end if;
    end Free;
 
    ----------------------

diff --git a/gcc/ada/libgnat/a-cfhase.adb b/gcc/ada/libgnat/a-cfhase.adb
index ae8ae128e104707035757f348b2c21ac085745fd..8cc220c17d5a6804f0009fe0175d635a83f18687 100644 (file)
--- a/gcc/ada/libgnat/a-cfhase.adb
+++ b/gcc/ada/libgnat/a-cfhase.adb
@@ -760,8 +760,11 @@ is
 
    procedure Free (HT : in out Set; X : Count_Type) is
    begin
-      HT.Nodes (X).Has_Element := False;
-      HT_Ops.Free (HT, X);
+      if X /= 0 then
+         pragma Assert (X <= HT.Capacity);
+         HT.Nodes (X).Has_Element := False;
+         HT_Ops.Free (HT, X);
+      end if;
    end Free;
 
    ----------------------