bug-gnu-utils

Re: Segfault on function crashing argument


From: Aharon Robbins
Subject: Re: Segfault on function crashing argument
Date: Thu, 18 Feb 2010 22:48:40 +0200

Hi.

> Date: Thu, 18 Feb 2010 20:04:22 +0100
> From: Seb <address@hidden>
> To: Aharon Robbins <address@hidden>
> Cc: address@hidden
> Subject: Re: Segfault on function crashing argument
>
> On Wed, 17 Feb 2010 23:23:37 +0200
> Aharon Robbins <address@hidden> wrote:
>
> Hi,
>
> [...]
>
> > This is a bug. Thank you for reporting it.  The patch below fixes it.
>
> Thank you very much for this fast response! :)
>
> I've tested the patch, it has effectively fixed the bug in the posted example,
> but the application I'm working on still complained. Further investigation
> shows that the patch is efficient in the BEGIN context but not in the common rules.
>
> I attached a new crash-test script, here are the results I get:
>
> $ echo foo | gawk -f debug.awk - 1
>  <BEGIN CONTEXT> true(1, crash()) => crash properly.
>
> $ echo foo | gawk -f debug.awk -
>  <RULE CONTEXT> true(1, crash()) => do not crash properly.
>  gawk: debug.awk:5: (FILENAME=- FNR=1) fatal error: internal error: segfault
>  Abandon
>
> ++
> Seb.
>
> #!/bin/awk -f
> 
> function crash () {
>     exit 1
> }
> 
> function true (a,b,c) {
>     return 1
> }
> 
> BEGIN {
>     if (ARGV[2] == 1) {
>         print "<BEGIN CONTEXT> true(1, crash()) => crash properly."
>         true(1, crash())
>     }
> }
> 
> {
>         print "<RULE CONTEXT> true(1, crash()) => do not crash properly."
>         true(1, crash())
> }
> 
> # FdF

OK. So it's another bug. Here is the fix.  Thanks for the report.

Arnold
-----------------------------------------------------------------------
Thu Feb 18 22:44:01 2010  Arnold D. Robbins  <address@hidden>

        * eval.c (push_args): Clear the stack to NULL pointers after mallocing
        it. Fixes yesterday's problem when called from a rule.
        See test/fcall_exit2.awk.  Thanks to Seb <address@hidden>.

Index: eval.c
===================================================================
RCS file: /d/mongo/cvsrep/gawk-stable/eval.c,v
retrieving revision 1.18
diff -u -r1.18 eval.c
--- eval.c      17 Feb 2010 21:26:39 -0000      1.18
+++ eval.c      18 Feb 2010 20:43:02 -0000
@@ -1814,9 +1814,12 @@
                        fcall_list_size * sizeof(struct fcall), "push_args");
        }
 
-       if (count > 0)
-               emalloc(fcalls[curfcall].stack, NODE **, count*sizeof(NODE *), 
"push_args");
-       else
+       if (count > 0) {
+               size_t nbytes = count * sizeof(NODE *);
+
+               emalloc(fcalls[curfcall].stack, NODE **, nbytes, "push_args");
+               memset(fcalls[curfcall].stack, 0, nbytes);      /* Make sure 
these are all NULL pointers. */
+       } else
                fcalls[curfcall].stack = NULL;
        fcalls[curfcall].count = count;
        fcalls[curfcall].fname = func_name;     /* not used, for debugging, 
just in case */
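Review bot: zeroing the freshly allocated slots only makes the frame safe to tear down if the code that pops it treats a NULL slot as "never pushed" and skips it instead of handing it to the release routine; that pop path is outside this hunk, so it is worth confirming that the exit-from-argument case from the report (`true(1, crash())` in a rule, where `crash()` exits before the second argument is ever stored) now drains the frame without touching the unpushed entries, otherwise the crash moves rather than disappears. Minor: the `count == 0` branch still leaves `fcalls[curfcall].stack` as NULL, so the same consumers must keep tolerating a NULL stack pointer alongside `count == 0`; the rewritten `if/else` preserves that, and keeping the `emalloc` and `memset` adjacent (as here) is what makes the invariant easy to see.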

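The changelog points at test/fcall_exit2.awk as the regression test for this fix. The script below is an added regression check written for this page, not gawk's own test or anything from the thread: it runs the reporter's pattern (a function call whose argument is another function that executes `exit`) once from BEGIN and once from a main rule, and reports whether the interpreter terminated with the script's own exit status and an empty stderr rather than a "fatal error: internal error: segfault". The function names `check_context` and `run_all`, the `ctx` variable and the use of `exit 3` (instead of the report's `exit 1`, so that an interpreter failure status of 1 or 2 cannot be mistaken for the script's exit) are choices made here. `AWK` defaults to whatever awk is on PATH; set `AWK=gawk` to exercise a particular build.

```shell
#!/bin/sh
# Added regression check for "exit inside a function argument" (not gawk's
# test suite). Set AWK=gawk to test a specific build; defaults to awk on PATH.
AWK="${AWK:-awk}"

# The probe script is written once. `ctx` selects which context fires; the
# other context's call is never reached. exit 3 is deliberately not 1 or 2.
PROBE="$(mktemp)" || exit 1
trap 'rm -f "$PROBE"' EXIT
cat >"$PROBE" <<'EOF'
function crash() { exit 3 }
function ignore(a, b, c) { return 1 }
BEGIN { if (ctx == "begin") ignore(1, crash()) }
{ if (ctx == "rule") ignore(1, crash()) }
EOF

# check_context <begin|rule>: prints "ok" when the interpreter exited with
# status 3 and wrote nothing to stderr; otherwise prints the status and the
# first stderr line (e.g. gawk's "fatal error: internal error: segfault").
check_context() {
    ctx="$1"
    # stdout is discarded, stderr is captured; the if/else keeps the
    # non-zero status from tripping `set -e` in a caller.
    if err="$(printf 'foo\n' | "$AWK" -v ctx="$ctx" -f "$PROBE" 2>&1 >/dev/null)"; then
        status=0
    else
        status=$?
    fi
    if [ "$status" -eq 3 ] && [ -z "$err" ]; then
        printf 'ok\n'
    else
        printf 'FAIL status=%s %s\n' "$status" "$(printf '%s\n' "$err" | head -n 1)"
    fi
}

# run_all: checks both contexts, prints one line each, returns 0 only if
# both passed. A build with the original bug passes "begin" and fails "rule".
run_all() {
    rc=0
    for c in begin rule; do
        r="$(check_context "$c")"
        printf '%-6s %s\n' "$c" "$r"
        case "$r" in
            ok) ;;
            *) rc=1 ;;
        esac
    done
    return $rc
}
```

Running `run_all` against the unpatched gawk from the report would print `begin ok` followed by a `rule FAIL` line carrying the fatal-error message; a fixed build prints `ok` for both, which is the behaviour the `memset` in the patch restores.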