Avoid possible errors when using postfix ++/-- on pointer expressions.

There was code that would attempt to use the cType field of the type record, but this is only valid for scalar types, not pointer types. In the case of a pointer type, the upper two bytes of the pointer would be interpreted as a cType value, and if they happened to have one of the values being tested for, incorrect intermediate code would be generated. The lower two bytes of the pointer would be used as a baseType value; this would most likely result in "compiler error" messages from the code generator, but might cause incorrect code generation with no errors if that value happened to correspond to a real baseType. Code like the following might cause this error, although it only occurs if pointers have certain values and therefore depends on the memory layout at compile time: void f(const int **p) { (*p)++; } This bug was introduced in commit f2a66a524a.
2024-02-09 20:41:53 -06:00 · 2024-02-09 20:41:53 -06:00 · a646a03b5e
parent 7ca30d7784
commit a646a03b5e
2 changed files with 10 additions and 4 deletions
--- a/Expression.pas
+++ b/Expression.pas
@ -3314,8 +3314,10 @@ var
         else
            Gen2t(pc_ind, ord(tqVolatile in expressionType^.qualifiers), 0, tp);
         if pc_l in [pc_lli,pc_lld] then
-            if expressionType^.cType in [ctBool,ctFloat,ctDouble,ctLongDouble,
-               ctComp] then begin
+            if (expressionType^.kind = scalarType) and
+               (expressionType^.cType in
+                  [ctBool,ctFloat,ctDouble,ctLongDouble,ctComp])
+               then begin
               t1 := GetTemp(ord(expressionType^.size));
               Gen2t(pc_cop, t1, 0, expressionType^.baseType);
               end; {if}
@ -3326,8 +3328,10 @@ var
            Gen0t(pc_cpi, tp);
         Gen0t(pc_bno, tp);
         if pc_l in [pc_lli,pc_lld] then {correct the value for postfix ops}
-            if expressionType^.cType in [ctBool,ctFloat,ctDouble,ctLongDouble,
-               ctComp] then begin
+            if (expressionType^.kind = scalarType) and
+               (expressionType^.cType in
+                  [ctBool,ctFloat,ctDouble,ctLongDouble,ctComp])
+               then begin
               Gen0t(pc_pop, expressionType^.baseType);
               Gen2t(pc_lod, t1, 0, expressionType^.baseType);
               Gen0t(pc_bno, expressionType^.baseType);
--- a/cc.notes
+++ b/cc.notes
@ -1598,6 +1598,8 @@ If you use #pragma debug 0x0010 to enable stack check debug code, the compiler w

 4.  A compile error is no longer reported for code that divides an integer constant by zero (e.g. 1/0).  Such code will produce undefined behavior if it is executed, but since the compiler cannot always determine whether the code will be executed at run time, this is no longer treated as an error that prevents compilation.  If #pragma lint bit 5 is set, a lint message about the division by zero will still be produced.  An error will also still be reported for division by zero in constant expressions that need to be evaluated at compile time.  

+5.  In some obscure circumstances, ORCA/C might behave incorrectly when the postfix ++ or -- operators were used on an expression of pointer type.  This would typically result in "compiler error" messages, but could potentially also cause incorrect code to be generated without any errors being reported.
+
 -- Bugs from C 2.1.1 B3 that have been fixed in C 2.2.0 ---------------------

 1.  There were various bugs that could cause incorrect code to be generated in certain cases.  Some of these were specific to certain optimization passes, alone or in combination.