From: Carlo Marcelo Arenas Belon
Subject: [Confuse-devel] segfault in libconfuse when using include() in cfg_parse_buf
Date: Sun, 30 Nov 2008 08:10:56 +0000
User-agent: Mutt/1.5.13 (2006-08-11)

Greetings,

The following modified version (hello.c) of the "hello world" example
from the tutorial segfaults when run with the "--buffer" option, as
shown by the following backtrace from a Linux amd64 system:

Program received signal SIGSEGV, Segmentation fault.
0x0000000000404515 in cfg_yy_load_buffer_state () at lexer.c:1707
1707            (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
(gdb) bt
#0  0x0000000000404515 in cfg_yy_load_buffer_state () at lexer.c:1707
#1  0x0000000000404a9d in cfg_yy_switch_to_buffer (new_buffer=0x0) at
lexer.c:1695
#2  0x0000000000404b3c in cfg_scan_string_end () at lexer.l:340
#3  0x0000000000403fe1 in cfg_parse_buf (cfg=<value optimized out>,
buf=0x60a310 "include (\"name.conf\")\n") at confuse.c:1088
#4  0x000000000040179c in main (argc=<value optimized out>,
argv=0x7fff13cd3108) at hello.c:33

The obvious patch avoids the segfault but interrupts the configuration
processing after the include is completed and is therefore incorrect:

Index: src/lexer.l
===================================================================
RCS file: /sources/confuse/confuse/src/lexer.l,v
retrieving revision 1.13
diff -u -r1.13 lexer.l
--- src/lexer.l 13 Oct 2007 20:01:45 -0000      1.13
+++ src/lexer.l 30 Nov 2008 07:34:10 -0000
@@ -336,7 +336,8 @@
     /* restore to previous state
      */
     yy_delete_buffer(string_scan_state);
-    yy_switch_to_buffer(pre_string_scan_state);
+    if (pre_string_scan_state)
+        yy_switch_to_buffer(pre_string_scan_state);
     free(cfg_qstring);
     cfg_qstring = 0;
     qstring_index = qstring_len = 0;
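Review bot: the `if (pre_string_scan_state)` guard turns the NULL dereference into a silent skip, so when the string buffer is no longer the current one the lexer simply stays on whatever buffer is current and cfg_parse_buf never learns that the restore did not happen; that matches the cover note's observation that processing stops after the include. The backtrace shows yy_switch_to_buffer reaching yy_load_buffer_state with new_buffer=0x0, so the saved state was genuinely missing rather than merely already current. Suggest having cfg_scan_string_end report the missing state to its caller (a return value cfg_parse_buf can turn into a parse error) rather than returning void, and revisiting how the include path saves and restores the buffer it replaces so that the string buffer, not a stale pointer, is what gets restored and the remainder of the input is still scanned.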

Looking at the cfg_include code, it would seem that most of it is designed
to manipulate file buffers, and therefore string manipulation (especially
as used in cfg_scan_string_*) for memory buffers isn't expected to be used
in this context.

Could anyone with better insight into libconfuse internals comment?
And if that is the case, is there a better way to signal an error other
than a segfault?

Carlo
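The following is an added example written for this archive page; it is not code from the post, from hello.c, or from libconfuse. It is a minimal model of the flex-style "save the previous buffer, scan a string, restore the previous buffer" sequence that the backtrace walks through (cfg_scan_string_begin/cfg_scan_string_end calling yy_switch_to_buffer). All function and variable names ending in _model, plus scan_buffer, create_string_buffer, delete_buffer and switch_to_buffer_checked, are hypothetical stand-ins. The second scenario is an assumption drawn from the backtrace rather than from reading libconfuse: flex's yy_switch_to_buffer returns early when the requested buffer is already current, so for it to reach yy_load_buffer_state with new_buffer=0x0 some other buffer must still have been current when the string scan was ended. The point of the model is the fail-closed check: a missing restore target becomes an error return the caller can report, instead of a SIGSEGV or a silent skip.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of one flex input buffer (stands in for YY_BUFFER_STATE). */
typedef struct scan_buffer {
    char *text;
    size_t len;
} scan_buffer;

/* Stands in for YY_CURRENT_BUFFER: NULL until a buffer has been installed. */
static scan_buffer *current_buffer = NULL;

static scan_buffer *create_string_buffer(const char *s)
{
    scan_buffer *b = calloc(1, sizeof *b);
    if (b == NULL)
        return NULL;
    b->len = strlen(s);
    b->text = malloc(b->len + 1);
    if (b->text == NULL) {
        free(b);
        return NULL;
    }
    memcpy(b->text, s, b->len + 1);
    return b;
}

/* Like yy_delete_buffer(): clears the current-buffer pointer if it pointed here. */
static void delete_buffer(scan_buffer *b)
{
    if (b == NULL)
        return;
    if (current_buffer == b)
        current_buffer = NULL;
    free(b->text);
    free(b);
}

/* Fail-closed stand-in for yy_switch_to_buffer(): the generated lexer reads
 * new_buffer->yy_n_chars unconditionally (the dereference at lexer.c:1707);
 * here a missing buffer is reported to the caller instead of dereferenced. */
static int switch_to_buffer_checked(scan_buffer *b)
{
    if (b == NULL)
        return -1;              /* nothing to restore: let the caller decide */
    current_buffer = b;
    return 0;
}

/* Model of cfg_scan_string_begin()/cfg_scan_string_end(): a single saved
 * pointer, which is NULL whenever the string parse is the outermost input. */
static scan_buffer *pre_string_scan_state = NULL;
static scan_buffer *string_scan_state = NULL;

static int scan_string_begin_model(const char *s)
{
    pre_string_scan_state = current_buffer;   /* NULL on a top-level parse */
    string_scan_state = create_string_buffer(s);
    if (string_scan_state == NULL)
        return -1;
    current_buffer = string_scan_state;
    return 0;
}

/* Returns 0 when the previous state was restored or there was nothing to
 * restore; -1 when another buffer is still current but no previous state
 * was saved, which is the situation the backtrace shows. */
static int scan_string_end_model(void)
{
    delete_buffer(string_scan_state);
    string_scan_state = NULL;
    if (pre_string_scan_state == NULL && current_buffer == NULL)
        return 0;               /* top-level string parse finished cleanly */
    return switch_to_buffer_checked(pre_string_scan_state);
}

/* Scenario 1: cfg_parse_buf() on a string with no include(); returns 0. */
int scenario_plain_string(void)
{
    if (scan_string_begin_model("name = \"world\"\n") != 0)
        return -1;
    return scan_string_end_model();
}

/* Scenario 2 (assumed, not taken from libconfuse): include() installed a
 * buffer for the included file and that buffer is still current when the
 * string scan ends. An unchecked restore would dereference NULL; the
 * checked one returns -1 so the caller can report a parse error. */
int scenario_string_with_include(void)
{
    int rc;
    scan_buffer *included;
    if (scan_string_begin_model("include (\"name.conf\")\n") != 0)
        return -1;
    included = create_string_buffer("name = \"world\"\n"); /* constructed stand-in for name.conf */
    current_buffer = included;        /* include() switched away from the string buffer */
    rc = scan_string_end_model();
    delete_buffer(included);          /* tidy up the model's leftover buffer */
    return rc;
}

int main(void)
{
    printf("plain string parse:        rc=%d\n", scenario_plain_string());
    printf("string parse with include: rc=%d\n", scenario_string_with_include());
    return 0;
}
```

The two return values are the contrast the guard-only patch hides: the plain string parse ends with no buffer to restore and that is fine, while the include case ends with a different buffer current and no saved state, which a caller should see as an error rather than a crash or a quietly truncated parse.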

Attachment: hello.conf
Description: Text document

Attachment: name.conf
Description: Text document
