Case statement does not handle out of bounds value of enumerated type, crashes instead
Original Reporter info from Mantis: Ville Krumlinde
- Reporter name:
Description:
See attached files.
The case statement has a generated jump table for the enumerated type but does not test that the value is in the enumeration, so it reads a random address and jumps to it, leading to a crash.
The expected result is that it should jump to the "else" statement.
This is in the latest trunk build. It was working in an FPC build 3-6 months ago.
In the attached generated asm the case is compiled to this:
# [20] case global1 of
andl $255,%eax
leaq Ld1(%rip),%rdx
movslq (%rdx,%rax,4),%rax
addq %rdx,%rax
jmp *%rax
There is no check that the value is in range of the jump table.
Steps to reproduce:
Build attached file and run it. It will crash.
Mantis conversion info:
- Mantis ID: 35603
- Build: 3.3.1 [2019/05/20] for x86_x64
- Version: 3.3.1
- Monitored by: » @MageSlayer (Denis Golovan), » @CuriousKit (J. Gareth Moreton)
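A C model of the dispatch described in this report, added here as an illustration (it is not the attached test program and not FPC's generated code): it contrasts the table lookup without a range check against the lookup that falls through to "else". The enum `color`, the branch labels and all function names are constructed for the example, and the one-byte storage of the enum is an assumption read from the `andl $255,%eax` line.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed enum standing in for the reporter's enumerated type. */
enum color { RED, GREEN, BLUE, YELLOW, COLOR_COUNT };

/* Where control ends up. BR_WILD marks "address read from outside the table". */
enum branch { BR_RED, BR_GREEN, BR_BLUE, BR_YELLOW, BR_ELSE, BR_WILD };

/* One entry per declared enum value, like the offset table at Ld1. */
static const enum branch jump_table[COLOR_COUNT] = {
    BR_RED, BR_GREEN, BR_BLUE, BR_YELLOW
};

/* Models the reported sequence: zero-extend the byte, index the table, jump.
   The real code loads the entry unconditionally; the model returns BR_WILD
   where that load would leave the table, so the model stays well defined. */
enum branch dispatch_reported(uint8_t raw)
{
    unsigned idx = raw & 255u;            /* andl $255,%eax */
    if (idx >= COLOR_COUNT)
        return BR_WILD;                   /* out-of-table read, then jmp *%rax */
    return jump_table[idx];
}

/* Expected behaviour: compare against the table size before indexing and
   take the "else" branch for any value outside the enumeration. */
enum branch dispatch_checked(uint8_t raw)
{
    if (raw >= COLOR_COUNT)
        return BR_ELSE;
    return jump_table[raw];
}

/* How many of the 256 possible byte values miss the table without the check. */
int count_wild(void)
{
    int n = 0;
    for (unsigned v = 0; v < 256; v++)
        n += dispatch_reported((uint8_t)v) == BR_WILD;
    return n;
}

int main(void)
{
    printf("value 200: reported=%d checked=%d\n",
           dispatch_reported(200), dispatch_checked(200));
    printf("byte values outside the table: %d\n", count_wild());
    return 0;
}
```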