From: mekanofox
Subject: Re: indirect function call issues (2)
Date: Thu, 16 Jan 2025 07:30:44 -0800
User-agent: Purely Mail via Roundcube/1.6.8
So, yep, it can still jump -- lightly -- off the rails ... When our friend "force_string_fmt" receives a Node_param_list, it lets it pass further down. Then "r_format_val" expects a *value*, of course, and could write into fields that are not valid for a parameter (i.e. trying to set strndmode to MPFR_round_mode, in the case of an MPFR build, which is the default anyway; well, that clobbers the "name" of the parameter!). I'll try to come up with a minimal test that hits this, so that at least it is part of the 'check' ...

I ended up calming it down as below ... Notice what is starting to be a familiar code snippet, that transformation from a param_list into the actual var/value, whatever it is ... The same thing showed up in the fixes for do_typeof/do_isarray, so at some point it would be worth factoring it out into a small inline function.
Again, no leaks from valgrinding the test here and the 'make valgrind'. At a minimum this could give some ideas on potential paths for a fix ... diff --git a/awk.h b/awk.h index b8f01329d..d756278dd 100644 --- a/awk.h +++ b/awk.h@@ -1981,6 +1981,17 @@ force_string_fmt(NODE *s, const char *fmtstr, int fmtidx)
return s; } + if (s->type == Node_param_list) { + s = GET_PARAM(s->param_cnt); + if (s->type == Node_array_ref) { + s = s->orig_array; + } + } + + if (s->type == Node_var_new) { + s = dupnode(Nnull_string); + } + if ((s->flags & STRCUR) != 0 && (s->stfmt == STFMT_UNUSED || (s->stfmt == fmtidx #ifdef HAVE_MPFR On 2025-01-16 01:10, mekanofox via "Bug reports only for gawk." wrote:
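Review bot: the Node_array_ref branch sets `s = s->orig_array;` and then lets that array node fall through to the `(s->flags & STRCUR) != 0` test, so an array that arrives through a parameter reaches the scalar formatting path instead of being rejected; bail out (fatal or return) on an array node before the STRCUR test. Also, the Node_var_new branch hands back `dupnode(Nnull_string)`, a fresh reference the caller now owns while the node it passed in is left untouched; a comment saying who unrefs that returned node would make it clear why this version does not show the leak Arnold reported for the two-line version when it was applied on master.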
Sorry, I should have given more details about the context of that patch. When applied on the master branch, indeed, it causes leaks. But I was using it on top of my previous big patch from about a week ago: ["Issues caused by array elements passed to a function ..."](https://lists.gnu.org/archive/html/bug-gawk/2025-01/msg00000.html); and also having the other smaller fix in builtin.c, for the ["fatal: typeof: unknown argument type `Node_param_list'"](https://lists.gnu.org/archive/html/bug-gawk/2025-01/msg00007.html), although I don't think that makes a difference. Those two were the only differences versus master (although, yes, the array elements one is pretty big). On top of these previous changes that two-liner fix does not show leaks when run under Valgrind with the bug report in this thread; and the whole 'make valgrind' does not show leaks either.

On 2025-01-15 23:55, arnold@skeeve.com wrote:

Thanks, but that's a memory leak. :-( Doing like the 'if' above for Node_elem_new doesn't quite cut it either. Sadly, there's a lot of subtlety in the code. Too much, really. I will keep working on it. Arnold

mekanofox via "Bug reports only for gawk." <bug-gawk@gnu.org> wrote:

Maybe something along the lines of ...

diff --git a/awk.h b/awk.h index b8f01329d..a956ae927 100644 --- a/awk.h +++ b/awk.h@@ -1981,6 +1981,10 @@ force_string_fmt(NODE *s, const char *fmtstr, intfmtidx) return s; } + if (s->type == Node_var_new) { + s = dupnode(Nnull_string); + } + if ((s->flags & STRCUR) != 0 && (s->stfmt == STFMT_UNUSED || (s->stfmt == fmtidx #ifdef HAVE_MPFR

That even passes the 'make check'; but I didn't dig into all the corners yet.

On 2025-01-15 06:05, arnold@skeeve.com wrote:

Eli Zaretskii <eliz@gnu.org> wrote:
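Review bot: this hunk handles Node_var_new but not a Node_param_list wrapping such a variable, so a never-assigned parameter reached through an indirect call still arrives at the `(s->flags & STRCUR) != 0` test as a parameter node; resolve the parameter first with `GET_PARAM(s->param_cnt)` (and its Node_array_ref alias) before the Node_var_new check, as the later version of this patch in the thread does. The `s = dupnode(Nnull_string);` line also replaces `s` with a fresh reference whose release the hunk does not show; given the reply that the patch leaks, the matching unref (or the reason none is needed) should be spelled out.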
From: Denis Shirokov <cosmogen@gmail.com>
Date: Wed, 15 Jan 2025 01:13:25 +0200

I have identified two issues related to indirect function calls into built-in functions of AWK. The attached script contains both scenarios to reproduce the identified problems. GNU Awk 5.3.1, API 4.0, (GNU MPFR 4.0.2, GNU MP 6.1.2) downloaded from ezwinports

How do you run this script?

You have to change his 'if (0)' to 'if (1)'. I've spent almost all day debugging this. The problem is very much a corner case, but there are some things that need fixing. It's still a work in progress, but having more eyes on it may help too. Thanks, Arnold
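The param_list-to-value resolution that the messages above keep repeating inline, written out once as a helper. This is an added example, not gawk code and not anything posted in the thread: the NODE struct, the NODETYPE names, frame[] with GET_PARAM(), dupnode() and unref() are a deliberately small mock standing in for gawk's much larger definitions (gawk's NODE is a union of several structs and GET_PARAM indexes the real call frame), and resolve_scalar(), use_as_string() and demo() are names chosen here. The one property the mock keeps is the ownership rule behind the leak discussion: only the Node_var_new branch creates a new reference, and the helper reports that so the caller knows to unref it; an array reaching the scalar path is reported as such instead of being formatted.

```c
/*
 * Added example (mock, not gawk's definitions): one helper for the
 * "param_list -> actual var/value" step repeated in force_string_fmt,
 * do_typeof and do_isarray in this thread.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef enum {
    Node_val,          /* a scalar value */
    Node_var_new,      /* a variable that has never been assigned */
    Node_var_array,    /* an array */
    Node_array_ref,    /* a parameter aliasing a caller's array */
    Node_param_list    /* "parameter number param_cnt" placeholder */
} NODETYPE;

typedef struct node {
    NODETYPE type;
    const char *name;        /* identifier, for variables/parameters */
    const char *str;         /* string value, for Node_val */
    int refcnt;
    long param_cnt;          /* Node_param_list: index into the frame */
    struct node *orig_array; /* Node_array_ref: the referenced array */
} NODE;

/* Mock of the current call frame; gawk's GET_PARAM(n) indexes the real one. */
static NODE *frame[4];
#define GET_PARAM(n) (frame[(n)])

/* Mock of the shared empty string; handing out a reference bumps refcnt. */
static NODE null_string = { Node_val, NULL, "", 1, 0, NULL };
static NODE *Nnull_string = &null_string;

static NODE *dupnode(NODE *n) { n->refcnt++; return n; }
static void unref(NODE *n) { if (n != NULL) n->refcnt--; }

/*
 * Resolve what a builtin received to the scalar it should operate on.
 * Returns NULL for an array (scalar code must not touch its fields; gawk
 * reports a fatal "attempt to use array in a scalar context" there).
 * Sets *owned when the returned node is a fresh reference the caller must
 * unref, which happens only in the Node_var_new case.
 */
static NODE *resolve_scalar(NODE *s, int *owned)
{
    *owned = 0;
    if (s->type == Node_param_list)
        s = GET_PARAM(s->param_cnt);
    if (s->type == Node_array_ref)
        s = s->orig_array;
    if (s->type == Node_var_array)
        return NULL;
    if (s->type == Node_var_new) {
        s = dupnode(Nnull_string);
        *owned = 1;
    }
    return s;
}

/* Use one argument as a string the way a builtin would, releasing any
 * reference resolve_scalar() created. Returns NULL for an array argument. */
static const char *use_as_string(NODE *arg)
{
    int owned;
    NODE *s = resolve_scalar(arg, &owned);
    const char *out = (s == NULL) ? NULL : s->str;
    if (owned)
        unref(s);   /* balance the dupnode() inside resolve_scalar() */
    return out;
}

/* Constructed frame: param 0 holds a value, param 1 was never assigned,
 * param 2 aliases an array. Returns how many are usable as scalars. */
static int demo(void)
{
    static NODE hello = { Node_val, "p0", "hello", 1, 0, NULL };
    static NODE unset = { Node_var_new, "p1", NULL, 1, 0, NULL };
    static NODE arr   = { Node_var_array, "a", NULL, 1, 0, NULL };
    static NODE aref  = { Node_array_ref, "p2", NULL, 1, 0, &arr };
    static NODE p0 = { Node_param_list, "p0", NULL, 1, 0, NULL };
    static NODE p1 = { Node_param_list, "p1", NULL, 1, 1, NULL };
    static NODE p2 = { Node_param_list, "p2", NULL, 1, 2, NULL };
    frame[0] = &hello; frame[1] = &unset; frame[2] = &aref;

    NODE *params[] = { &p0, &p1, &p2 };
    int usable = 0;
    for (int i = 0; i < 3; i++) {
        const char *v = use_as_string(params[i]);
        printf("%s -> %s\n", params[i]->name, v ? v : "(array: fatal)");
        if (v != NULL)
            usable++;
    }
    return usable;
}

int main(void)
{
    demo();
    /* Back to 1: the Node_var_new reference was released by use_as_string(). */
    printf("Nnull_string refcnt after demo: %d\n", Nnull_string->refcnt);
    return 0;
}
```

The `owned` out-parameter is the design choice worth copying: it makes the one place that allocates a reference visible at the call site, so the unref can be reviewed next to it rather than hunted for through the callers, which is the subtlety the leak reports in this thread turn on.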