From: Claire Dross <dross@adacore.com>
Date: Thu, 11 Jul 2019 08:02:44 +0000 (+0000)
Subject: [Ada] Memory corruption when using formal hashed sets or maps
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=1048a1839fde97a1bd790b002dad8b79e172724f;p=gcc.git

[Ada] Memory corruption when using formal hashed sets or maps

Add a check to avoid causing a buffer overflow when the map is empty

2019-07-11  Claire Dross  <dross@adacore.com>

gcc/ada/

	* libgnat/a-cfhama.adb, libgnat/a-cfhase.adb (Free): Do not
	reset the Has_Element flag if no element is freed.

From-SVN: r273397
---

diff --git a/gcc/ada/ChangeLog b/gcc/ada/ChangeLog
index a38990f3b45..2f8ad77e540 100644
--- a/gcc/ada/ChangeLog
+++ b/gcc/ada/ChangeLog
@@ -1,3 +1,8 @@
+2019-07-11  Claire Dross  <dross@adacore.com>
+
+	* libgnat/a-cfhama.adb, libgnat/a-cfhase.adb (Free): Do not
+	reset the Has_Element flag if no element is freed.
+
 2019-07-11  Arnaud Charlet  <charlet@adacore.com>
 
 	* errno.c: Remove obsolete support for MaRTE OS.
diff --git a/gcc/ada/libgnat/a-cfhama.adb b/gcc/ada/libgnat/a-cfhama.adb
index 2cdde018250..580ca12671f 100644
--- a/gcc/ada/libgnat/a-cfhama.adb
+++ b/gcc/ada/libgnat/a-cfhama.adb
@@ -509,8 +509,11 @@ is
 
    procedure Free (HT : in out Map; X : Count_Type) is
    begin
-      HT.Nodes (X).Has_Element := False;
-      HT_Ops.Free (HT, X);
+      if X /= 0 then
+         pragma Assert (X <= HT.Capacity);
+         HT.Nodes (X).Has_Element := False;
+         HT_Ops.Free (HT, X);
+      end if;
    end Free;
 
    ----------------------
diff --git a/gcc/ada/libgnat/a-cfhase.adb b/gcc/ada/libgnat/a-cfhase.adb
index ae8ae128e10..8cc220c17d5 100644
--- a/gcc/ada/libgnat/a-cfhase.adb
+++ b/gcc/ada/libgnat/a-cfhase.adb
@@ -760,8 +760,11 @@ is
 
    procedure Free (HT : in out Set; X : Count_Type) is
    begin
-      HT.Nodes (X).Has_Element := False;
-      HT_Ops.Free (HT, X);
+      if X /= 0 then
+         pragma Assert (X <= HT.Capacity);
+         HT.Nodes (X).Has_Element := False;
+         HT_Ops.Free (HT, X);
+      end if;
    end Free;
 
    ----------------------