bug-gawk

Re: indirect function call issues (2)


From: mekanofox
Subject: Re: indirect function call issues (2)
Date: Thu, 16 Jan 2025 07:30:44 -0800
User-agent: Purely Mail via Roundcube/1.6.8

... and here's an update on this -- you're right, looks a bit heavy on subtlety :) [ again, the context of this is explained in the previous post: below stuff goes applied over the previous 2 patches ]

So, yep, it can still jump -- lightly -- off the rails ... When our friend "force_string_fmt" receives a Node_param_list, it lets it pass further down. Then the "r_format_val" expects a *value*, of course, and could write into fields that are not valid for a parameter (i.e. trying to set strndmode to MPFR_round_mode, in case of an MPFR build, which anyway is the default; well, that clobbers the "name" of the parameter ! I'll try to come up with a minimal test that hits this, so at least it is part of the 'check'...)

I ended up calming it down as below ... Notice what starts to be a familiar code snippet, that transformation from param_list into actual var/value, whatever it is ... The same thing showed up in the fixes for do_typeof/do_isarray, so at some point it would be worth factoring it out into a small inline function.

Again, no leaks from valgrinding the test here and the 'make valgrind'.

At a minimum this could give some ideas on potential paths for a fix ...

diff --git a/awk.h b/awk.h
index b8f01329d..d756278dd 100644
--- a/awk.h
+++ b/awk.h
@@ -1981,6 +1981,17 @@ force_string_fmt(NODE *s, const char *fmtstr, int fmtidx)
                return s;
        }

+       if (s->type == Node_param_list) {
+               s = GET_PARAM(s->param_cnt);
+               if (s->type == Node_array_ref) {
+                       s = s->orig_array;
+               }
+       }
+
+       if (s->type == Node_var_new) {
+               s = dupnode(Nnull_string);
+       }
+
        if ((s->flags & STRCUR) != 0
                && (s->stfmt == STFMT_UNUSED || (s->stfmt == fmtidx
 #ifdef HAVE_MPFR
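Review bot: after the new `if (s->type == Node_param_list)` block resolves an array parameter via `s = s->orig_array;`, nothing checks that the resolved node is a scalar before control falls through to the `STRCUR` test, so an array-valued parameter still reaches the formatting path; an explicit type check (or a fatal with the function name) at that point would close the gap. The same resolution sequence is said to exist in do_typeof/do_isarray, so a shared inline helper would keep the copies from drifting. Also, `s = dupnode(Nnull_string);` only replaces the local pointer and hands the caller a freshly referenced node while the original Node_var_new is left untouched; confirm that every caller of force_string_fmt releases the returned node, since Arnold's reply further down the thread reports this pattern leaking on master.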


On 2025-01-16 01:10, mekanofox via "Bug reports only for gawk." wrote:

Sorry, I should have given more details about the context of that patch.

When applied on the master branch, indeed, it causes leaks.

But I was using it on top of my previous big patch from about a week ago: ["Issues caused by array elements passed to a function ..."](https://lists.gnu.org/archive/html/bug-gawk/2025-01/msg00000.html); and also having the other smaller fix in builtin.c, for the ["fatal: typeof: unknown argument type `Node_param_list'"](https://lists.gnu.org/archive/html/bug-gawk/2025-01/msg00007.html), although I don't think that makes a difference. Those two were the only differences versus master (although, yes, the array elements one is pretty big).

On top of these previous changes that two-liner fix does not show leaks when run under Valgrind with the bug report in this thread; and the whole 'make valgrind' does not show leaks either.

On 2025-01-15 23:55, arnold@skeeve.com wrote:

Thanks, but that's a memory leak. :-(

Doing like the 'if' above for Node_elem_new doesn't quite cut it
either.

Sadly, there's a lot of subtlety in the code. Too much, really.

I will keep working on it.

Arnold

mekanofox via "Bug reports only for gawk." <bug-gawk@gnu.org> wrote:

Maybe something along the lines of ...

diff --git a/awk.h b/awk.h
index b8f01329d..a956ae927 100644
--- a/awk.h
+++ b/awk.h
@@ -1981,6 +1981,10 @@ force_string_fmt(NODE *s, const char *fmtstr, int
fmtidx)
return s;
}

+    if (s->type == Node_var_new) {
+        s = dupnode(Nnull_string);
+    }
+
if ((s->flags & STRCUR) != 0
&& (s->stfmt == STFMT_UNUSED || (s->stfmt == fmtidx
#ifdef HAVE_MPFR
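Review bot: `s = dupnode(Nnull_string);` replaces only the local pointer, so the returned node carries a new reference that the original Node_var_new never owned; unless every caller of force_string_fmt unrefs the result, that reference is lost, which matches the leak reported in the reply to this patch. It also only handles a bare Node_var_new, not a Node_param_list that resolves to one, which is the case the follow-up patch at the top of the thread adds.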

That even passes the 'make check'; but I didn't dig into all the corners
yet.

On 2025-01-15 06:05, arnold@skeeve.com wrote:

Eli Zaretskii <eliz@gnu.org> wrote:

From: Denis Shirokov <cosmogen@gmail.com>
Date: Wed, 15 Jan 2025 01:13:25 +0200

I have identified two issues related to indirect function calls into
built-in functions of AWK. The attached script contains both scenarios
to reproduce the identified problems.

GNU Awk 5.3.1, API 4.0, (GNU MPFR 4.0.2, GNU MP 6.1.2)
downloaded from ezwinports
How do you run this script?
You have to change his 'if (0)' to 'if (1)'.

I've spent almost all day debugging this.  The problem is very
much a corner case, but there are some things that need fixing.

It's still a work in progress, but having more eyes on it may help too.

Thanks,

Arnold


