Re: Double free in Bison
From: Akim Demaille
Subject: Re: Double free in Bison
Date: Sat, 7 Sep 2019 18:18:45 +0200
Hi Marc!
> On 6 Sept 2019, at 09:09, Marc Schönefeld <address@hidden> wrote:
>
> Hi Akim,
>
> just encountered a problem with the current 3.4.1 download, which triggers an
> assertion condition instead of returning with a normal error return code.
> This undefined behavior may cause DoS problems for certain environments:
>
> bison abort.y
> abort.y:27.10-22: Warnung: Symbol "end-of-line" wird mehr als einmal als
> literale Zeichenkette benutzt [-Wother]
> 27 | EOF 0 "end-of-line"
> | ^~~~~~~~~~~~~
> abort.y:28.3-5: Warnung: Symbol EOF noch einmal deklariert [-Wother]
> 28 | EOF 0 "end-of-file"
> | ^~~
> bison: src/reader.c:839: check_and_convert_grammar: Zusicherung »nsyms ==
> ntokens + nvars« nicht erfüllt.
> Abgebrochen (Speicherabzug geschrieben)
>
> (gdb) bt
> #0 0x00007fffff065428 in __GI_raise (sig=sig@entry=6) at
> ../sysdeps/unix/sysv/linux/raise.c:54
> #1 0x00007fffff06702a in __GI_abort () at abort.c:89
> #2 0x00007fffff05dbd7 in __assert_fail_base (fmt=<optimized out>,
> assertion=assertion@entry=0x451a69 "nsyms == ntokens + nvars",
> file=file@entry=0x451a5c "src/reader.c", line=line@entry=839,
> function=function@entry=0x451b90 <__PRETTY_FUNCTION__.6797>
> "check_and_convert_grammar") at assert.c:92
> #3 0x00007fffff05dc82 in __GI___assert_fail
> (assertion=assertion@entry=0x451a69 "nsyms == ntokens + nvars",
> file=file@entry=0x451a5c "src/reader.c", line=line@entry=839,
> function=function@entry=0x451b90 <__PRETTY_FUNCTION__.6797>
> "check_and_convert_grammar") at assert.c:101
> #4 0x0000000000423c88 in check_and_convert_grammar () at src/reader.c:839
> #5 reader () at src/reader.c:741
> #6 0x00000000004026ac in main (argc=2, argv=0x7ffffffede18) at src/main.c:104
> (gdb)
Good catch! This bug happens only when you define the EOF token
(numbered 0) twice.
I'm installing this. Thanks!
commit 7d701f43789ab0f6150f0efb47904486a330e010
Author: Akim Demaille <address@hidden>
Date: Sat Sep 7 16:32:20 2019 +0200
    fix: don't die when EOF token is defined twice

    With

        %token EOF 0 EOF 0

    we get

        input.y:3.14-16: warning: symbol EOF redeclared [-Wother]
            3 | %token EOF 0 EOF 0
              |              ^~~
        input.y:3.8-10: previous declaration
            3 | %token EOF 0 EOF 0
              |        ^~~
        Assertion failed: (nsyms == ntokens + nvars), function
        check_and_convert_grammar,
        file /Users/akim/src/gnu/bison/src/reader.c, line 839.

    Reported by Marc Schönefeld.

    * src/symtab.c (symbol_user_token_number_set): Register only the
    first definition of the end of input token.
    * tests/input.at (Symbol redeclared): Check that case.

diff --git a/THANKS b/THANKS
index a0e3af66..2df6763c 100644
--- a/THANKS
+++ b/THANKS
@@ -100,6 +100,7 @@ Lie Yan address@hidden
Magnus Fromreide address@hidden
Marc Autret address@hidden
Marc Mendiola address@hidden
+Marc Schönefeld address@hidden
Mark Boyall address@hidden
Martin Jacobs address@hidden
Martin Mokrejs address@hidden
diff --git a/src/symtab.c b/src/symtab.c
index 684fdf3d..7b0439ad 100644
--- a/src/symtab.c
+++ b/src/symtab.c
@@ -495,7 +495,7 @@ symbol_user_token_number_set (symbol *sym, int
user_token_number, location loc)
{
*user_token_numberp = user_token_number;
/* User defined $end token? */
- if (user_token_number == 0)
+ if (user_token_number == 0 && !endtoken)
{
endtoken = sym->content->symbol;
/* It is always mapped to 0, so it was already counted in
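Review bot: The new guard in `if (user_token_number == 0 && !endtoken)` only tests that some end token is already registered, not that it is this same symbol. For `%token EOF 0 EOF 0` that is the intended skip, but a different symbol given number 0 would skip the block in the same way, and `*user_token_numberp = user_token_number;` just above has already stored 0 for it. Consider telling the `endtoken == sym->content->symbol` case apart from the other-symbol case, and update the `/* User defined $end token? */` comment to say that only the first definition is registered.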
diff --git a/tests/input.at b/tests/input.at
index 660cacc9..40d6757a 100644
--- a/tests/input.at
+++ b/tests/input.at
@@ -624,7 +624,7 @@ AT_SETUP([Symbol redeclared])
AT_DATA([[input.y]],
[[%token FOO FOO
%token BAR 12 BAR 12
-
+%token EOF 0 EOF 0
%%
exp: FOO BAR
]])
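Review bot: The added `%token EOF 0 EOF 0` line covers the same symbol repeated within one declaration, but the reported grammar declared EOF twice on separate lines with different string aliases (`EOF 0 "end-of-line"` and `EOF 0 "end-of-file"`). Adding that variant to `input.y` here would tie the test to the original report as well as to the reduced case.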
@@ -642,6 +642,12 @@ input.y:2.15-17: warning: symbol BAR redeclared [-Wother]
input.y:2.8-10: previous declaration
2 | %token BAR 12 BAR 12
| ^~~
+input.y:3.14-16: warning: symbol EOF redeclared [-Wother]
+ 3 | %token EOF 0 EOF 0
+ | ^~~
+input.y:3.8-10: previous declaration
+ 3 | %token EOF 0 EOF 0
+ | ^~~
]])
AT_CLEANUP
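
A regression check for the failure mode reported above, as an added example that is not part of the original message or of Bison's test suite: it runs a bison binary on the `%token EOF 0 EOF 0` declaration from the commit message and reports whether the process exited normally or was killed by a signal (a failed assertion aborts with SIGABRT, which the shell reports as status 134). The helper names and the one-rule grammar body are assumptions made for the example.

```shell
#!/bin/sh
# Added example; classify_status, write_regression_grammar and
# check_grammar are hypothetical helper names, not Bison tooling.

# Map a shell exit status to ok / error / crash:signal-N.
# A status above 128 means the process died from signal (status - 128);
# a failed assert() calls abort(), i.e. SIGABRT (6), seen as 134.
classify_status() {
  if [ "$1" -eq 0 ]; then
    echo ok
  elif [ "$1" -gt 128 ]; then
    echo "crash:signal-$(( $1 - 128 ))"
  else
    echo error
  fi
}

# Write a constructed grammar whose first line is the declaration from
# the commit message (EOF token, numbered 0, defined twice).
write_regression_grammar() {
  cat > "$1" <<'GRAMMAR'
%token EOF 0 EOF 0
%%
exp: ;
GRAMMAR
}

# Run a bison command ($1) on a grammar file ($2) and classify its exit.
check_grammar() {
  out=$(mktemp -d) || return 2
  st=0
  "$1" -o "$out/parser.c" "$2" >/dev/null 2>&1 || st=$?
  rm -rf "$out"
  classify_status "$st"
}

# Stand-alone use: only runs when a bison binary is installed.
if command -v bison >/dev/null 2>&1; then
  g=$(mktemp) && write_regression_grammar "$g"
  echo "bison on duplicate EOF token: $(check_grammar bison "$g")"
  rm -f "$g"
fi
```

A result of `crash:signal-6` means the binary still aborts on this input; `ok` or `error` means it returned through its normal exit path.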