[PATCH 4/4] ielr: fix crash on memory management

bug-bison

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 4/4] ielr: fix crash on memory management

From:	Akim Demaille
Subject:	[PATCH 4/4] ielr: fix crash on memory management
Date:	Fri, 26 Jun 2020 07:56:47 +0200

Reported by Dwight Guth.
https://lists.gnu.org/r/bug-bison/2020-06/msg00037.html

* src/AnnotationList.c (AnnotationList__computePredecessorAnnotations):
Beware that SBITSET__FOR_EACH nests _two_ for-loops, so "break" does
not actually break out of it.
That was the only occurrence in the code.
* src/Sbitset.h (SBITSET__FOR_EACH): Warn passersby.
---
 THANKS               | 1 +
 src/AnnotationList.c | 4 +++-
 src/Sbitset.h        | 2 ++
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/THANKS b/THANKS
index 36df5e29..af24ceaa 100644
--- a/THANKS
+++ b/THANKS
@@ -59,6 +59,7 @@ Di-an Jan                 dianj@freeshell.org
 Dick Streefland           dick.streefland@altium.nl
 Didier Godefroy           dg@ulysium.net
 Don Macpherson            donmac703@gmail.com
+Dwight Guth               dwight.guth@runtimeverification.com
 Efi Fogel                 efifogel@gmail.com
 Enrico Scholz             enrico.scholz@informatik.tu-chemnitz.de
 Eric Blake                ebb9@byu.net
diff --git a/src/AnnotationList.c b/src/AnnotationList.c
index a95a67be..421643b2 100644
--- a/src/AnnotationList.c
+++ b/src/AnnotationList.c
@@ -276,7 +276,8 @@ AnnotationList__computePredecessorAnnotations (
                         obstack_free (annotations_obstackp,
                                       annotation_node->contributions[ci]);
                         annotation_node->contributions[ci] = NULL;
-                        break;
+                        // "Break" out of SBITSET__FOR_EACH.
+                        goto after_sbitset__for_each;
                       }
                     else
                       {
@@ -309,6 +310,7 @@ AnnotationList__computePredecessorAnnotations (
                                     predecessor_item);
                   }
               }
+          after_sbitset__for_each:;
           }
           if (annotation_node->contributions[ci])
             {
diff --git a/src/Sbitset.h b/src/Sbitset.h
index 997dab2f..c54def4e 100644
--- a/src/Sbitset.h
+++ b/src/Sbitset.h
@@ -81,6 +81,8 @@ void Sbitset__fprint (Sbitset self, Sbitset__Index nbits, 
FILE *file);
       *ptr_self = *ptr_other1 | *ptr_other2;                            \
   } while (0)
 
+/* ATTENTION: there are *two* loops here, "break" and "continue" will
+   not apply to the whole loop, just the inner one.  */
 # define SBITSET__FOR_EACH(SELF, NBITS, ITER, INDEX)                    \
   for ((ITER) = (SELF); (ITER) < (SELF) + Sbitset__nbytes (NBITS); ++(ITER)) \
     if (*(ITER) != 0)                                                   \
-- 
2.27.0

[Prev in Thread]

Current Thread

[Next in Thread]

Memory corruption bug causes crash in bison 3.6.4, Dwight Guth, 2020/06/24
- [PATCH 0/4] Fix crash when generating IELR, Akim Demaille, 2020/06/26
  - [PATCH 1/4] style: clean up ielr, Akim Demaille, 2020/06/26
  - [PATCH 2/4] style: clean up nullable, Akim Demaille, 2020/06/26
  - [PATCH 3/4] style: factor the access to a rule from its items, Akim Demaille, 2020/06/26
  - [PATCH 4/4] ielr: fix crash on memory management, Akim Demaille <=
  - Re: [PATCH 0/4] Fix crash when generating IELR, Dwight Guth, 2020/06/26
    - Re: [PATCH 0/4] Fix crash when generating IELR, Akim Demaille, 2020/06/27

Prev by Date: [PATCH 3/4] style: factor the access to a rule from its items
Next by Date: Re: [PATCH 0/4] Fix crash when generating IELR
Previous by thread: [PATCH 3/4] style: factor the access to a rule from its items
Next by thread: Re: [PATCH 0/4] Fix crash when generating IELR
Index(es):
- Date
- Thread