bug-gawk

Gawk master problems with -fsanitize=undefined


From: Paul Eggert
Subject: Gawk master problems with -fsanitize=undefined
Date: Wed, 18 Dec 2019 16:11:22 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2

I tried building Gawk master on Fedora 31 x86-64 as follows:

./configure
make CFLAGS='-g3 -O2 -fsanitize=undefined'

I found two bugs; the first is trivial and has an obvious fix and the second I don't offhand know how to fix. There may be more bugs, but I stopped after the second bug.

A patch to the first bug is attached. The C Standard doesn't allow memcpy (..., NULL, 0), and -fsanitize=undefined reports this as an error. Although I don't know of platforms where such a memcpy fails, it's better to be safer, as in the attached patch.

The second bug has the following symptoms:

  $ ./gawk -f test/synerr3.awk
  gawk: test/synerr3.awk:1: for (i = ) in foo bar baz
  gawk: test/synerr3.awk:1: ^ syntax error
  gawk: test/synerr3.awk:1: for (i = ) in foo bar baz
  gawk: test/synerr3.awk:1:          ^ syntax error
  awkgram.y:1720:23: runtime error: member access within null pointer of type 'struct exp_instruction'

This appears to be related to the following code in awkgram.y:

                $4->opcode = Op_in_array;
                if ($2 == NULL) {       /* error */
                        errcount++;
                        $4->expr_count = 0;
                        $$ = list_merge($5, $4);

Here, $4's opcode is Op_in_array, and yet list_merge (when GAWKDEBUG is defined) asserts that $4's opcode must be Op_list. The list_merge sets $4->lasti to NULL, and when line 1720 of awkgram.y later dereferences lasti it gets into trouble.

Attachment: 0001-Fix-memcpy-issue-found-by-fsanitize-undefined.patch
Description: Text Data
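The first bug above is the classic growable-buffer pattern: the first copy into a freshly allocated block runs with a NULL source and a length of zero, and UBSan flags it because the C standard makes memcpy(..., NULL, 0) undefined regardless of the length. The following is an added illustration, not the attached gawk patch; struct buf, buf_append and buf_demo are hypothetical names, and the guard shown is the same zero-length check the patch description calls for.

```c
/* Added example (not from the gawk patch): a growable byte buffer whose
 * first append would otherwise call memcpy(dst, NULL, 0), which
 * -fsanitize=undefined reports even though the copy length is zero. */
#include <stdlib.h>
#include <string.h>

struct buf {
    char *data;   /* NULL until the first append */
    size_t len;
};

/* Append n bytes; returns 0 on success, -1 on allocation failure. */
int buf_append(struct buf *b, const char *src, size_t n)
{
    char *fresh = malloc(b->len + n + 1);
    if (fresh == NULL)
        return -1;
    /* Copy the existing contents. On the first call b->data is NULL and
     * b->len is 0: the guard avoids memcpy(fresh, NULL, 0), which is
     * undefined behaviour under the C standard regardless of the length. */
    if (b->len > 0)
        memcpy(fresh, b->data, b->len);
    /* Same guard for the source, which a caller may pass as (NULL, 0). */
    if (n > 0)
        memcpy(fresh + b->len, src, n);
    fresh[b->len + n] = '\0';
    free(b->data);
    b->data = fresh;
    b->len += n;
    return 0;
}

/* Build "foo" then "foobar" starting from an empty buffer; returns 1 if
 * the result matches, 0 otherwise. Frees the buffer before returning. */
int buf_demo(void)
{
    struct buf b = { NULL, 0 };
    int ok = buf_append(&b, NULL, 0) == 0      /* empty append on empty buffer */
          && buf_append(&b, "foo", 3) == 0
          && buf_append(&b, "bar", 3) == 0
          && b.len == 6
          && strcmp(b.data, "foobar") == 0;
    free(b.data);
    return ok;
}
```

Compiled with -fsanitize=undefined, removing either guard makes the first append report the same "null pointer passed as argument" diagnostic the sanitizer gave for gawk.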

