gnu /
gcc /
09b0aacb5fce94199b269a9a37b697899f5a1ab3 ada: Fix buffer overflow for function call returning discriminated limited record
This occurs when the discriminated limited record type is declared with
default values for its discriminants, is not controlled, and the context
of the call is anonymous, i.e. the result of the call is not assigned
to an object. In this case, a temporary is created to hold the result
of the call, with the default values of the discriminants, but the result
may have different values for the discriminants and, in particular, may
be larger than the temporary, which leads to a buffer overflow.
This problem does not occur when the context is an object declaration, so
the fix just makes sure that the expansion in an anonymous context always
uses the model of an object declaration. It requires a minor tweak to the
helper function Entity_Of of the Sem_Util package.
gcc/ada/ChangeLog:
* exp_ch6.adb (Expand_Actuals): Remove obsolete comment.
(Make_Build_In_Place_Call_In_Anonymous_Context): Always use a proper
object declaration initialized with the function call in the cases
where a temporary is needed, with Assignment_OK set on it.
* sem_util.adb (Entity_Of): Deal with rewritten function call first.
2 files changed
