Update.

2000-07-29  Greg McGary  <greg@mcgary.org>

	* Rules (test-bp-inputs, make-test-out): New variables.
	($(objpfx)%-bp.out): New rule.
	($(objpfx)%.out): Rewrite in terms of new variables.

	* libio/iovswscanf.c (vswscanf): Pass _IO_FILE_plus pointer to
	internal function that uses vtable.
	* libio/vsnprintf.c (_IO_vsnprintf): Likewise.
	* libio/vswprintf.c (_IO_vswprintf): Likewise.

	* malloc/malloc.c (mem2chunk): Define in terms of chunk_at_offset.
	(malloc_extend_top): Convert brk to chunk using chunk_at_offset.
	(chunk_align): Likewise.

	* time/asctime.c (ab_day_name, ab_month_name): Rewrite expression
	in a way that conforms to decl, and avoids spurious bounds violation.

	* sysdeps/arm/frame.h (struct layout): Make pointers __unbounded.
	* sysdeps/generic/frame.h: Likewise.
	* sysdeps/generic/backtrace.c (ADVANCE_STACK_FRAME): Wrap bounds
	around return value.
	(__backtrace): Qualify frame-pointer chain and return address
	pointers as __unbounded.  Wrap bounds around variable `current'.
	* sysdeps/generic/segfault.c (ADVANCE_STACK_FRAME): Wrap bounds
	around return value.
	(catch_segfault): Qualify frame-pointer chain and return address
	pointers as __unbounded.  Wrap bounds around variable `current'.
	* sysdeps/i386/backtrace.c (struct layout): Make pointers __unbounded.
	(ADVANCE_STACK_FRAME): Wrap bounds around return value.
	* sysdeps/powerpc/backtrace.c (struct layout): Make pointers __unbounded.
	(__backtrace): Qualify frame-pointer chain and return address
	pointers as __unbounded.  Wrap bounds around variable `current'.

	* sysdeps/i386/addmul_1.S: s2_limb is scalar so remove bounds check.
	* sysdeps/i386/mul_1.S: Likewise.
	* sysdeps/i386/submul_1.S: Likewise.
	* sysdeps/i386/i586/addmul_1.S: Likewise.
	* sysdeps/i386/i586/mul_1.S: Add bounds checks.
	* sysdeps/i386/i586/submul_1.S: Likewise.

1 files changed, 8 insertions, 6 deletions

diff --git a/sysdeps/generic/segfault.c b/sysdeps/generic/segfault.c
index 41e3aa54d8..24ed3f8308 100644
--- a/sysdeps/generic/segfault.c
+++ b/sysdeps/generic/segfault.c
@@ -1,5 +1,5 @@
 /* Catch segmentation faults and print backtrace.
-   Copyright (C) 1998, 1999 Free Software Foundation, Inc.
+   Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.
 
@@ -28,6 +28,8 @@
 #include <unistd.h>
 #include <stdio-common/_itoa.h>
 
+#include <bp-checks.h>
+
 /* Get the definition of "struct layout".  */
 #include <frame.h>
 
@@ -69,7 +71,7 @@ extern void *__libc_stack_end;
 /* By default assume the `next' pointer in struct layout points to the
    next struct layout.  */
 #ifndef ADVANCE_STACK_FRAME
-# define ADVANCE_STACK_FRAME(next) ((struct layout *) (next))
+# define ADVANCE_STACK_FRAME(next) BOUNDED_1 ((struct layout *) (next))
 #endif
 
 /* We'll use tis a lot.  */
@@ -103,8 +105,8 @@ static void
 catch_segfault (int signal, SIGCONTEXT ctx)
 {
   struct layout *current;
-  void *top_frame;
-  void *top_stack;
+  void *__unbounded top_frame;
+  void *__unbounded top_stack;
   int fd;
   void **arr;
   size_t cnt;
@@ -135,7 +137,7 @@ catch_segfault (int signal, SIGCONTEXT ctx)
 
   /* First count how many entries we'll have.  */
   cnt = 1;
-  current = (struct layout *) top_frame;
+  current = BOUNDED_1 ((struct layout *) top_frame);
   while (!((void *) current INNER_THAN top_stack
 	   || !((void *) current INNER_THAN __libc_stack_end)))
     {
@@ -149,7 +151,7 @@ catch_segfault (int signal, SIGCONTEXT ctx)
   /* First handle the program counter from the structure.  */
   arr[0] = GET_PC (ctx);
 
-  current = (struct layout *) top_frame;
+  current = BOUNDED_1 ((struct layout *) top_frame);
   cnt = 1;
   while (!((void *) current INNER_THAN top_stack
 	   || !((void *) current INNER_THAN __libc_stack_end)))