Tom de Vries authored
In replace_operator_with_call, we resize the elts array like this: ... exp->nelts = exp->nelts + 7 - oplen; exp->resize (exp->nelts); ... Although all the current callers ensure that the new size is bigger, it could also be smaller, in which case the following memmove possibly reads out of bounds: ... memmove (exp->elts + pc + 7, exp->elts + pc + oplen, EXP_ELEM_TO_BYTES (save_nelts - pc - oplen)); ... Fix this by doing the resize after the memmove in case the new size is smaller. Tested on x86_64-linux. gdb/ChangeLog: 2020-12-07 Tom de Vries <firstname.lastname@example.org> * ada-lang.c (replace_operator_with_call): Handle shrink resize.f51f9f1d
To find the state of this project's repository at the time of any of these versions, check out the tags.