[hackers] [scc] [cc1] Guard popctx() of dangling pointers in yylval.sym || Roberto E. Vargas Caballero

From: <git_AT_suckless.org>
Date: Fri, 20 Jan 2017 15:04:49 +0100 (CET)

commit fea243a2851d05bb1036a542e4ef1aa714a87570
Author: Roberto E. Vargas Caballero <k0ga_AT_shike2.com>
AuthorDate: Fri Jan 20 15:00:08 2017 +0100
Commit: Roberto E. Vargas Caballero <k0ga_AT_shike2.com>
CommitDate: Fri Jan 20 15:00:08 2017 +0100

    [cc1] Guard popctx() of dangling pointers in yylval.sym
    
    When a context is popped, all the symbols defined in it
    are killed. Since the lexer reads a token ahead, it has
    already read some token that may be an identifier
    defined in the context, and it means that yylval.sym
    is an invalid pointer. This new code detects the
    situation and looks up the symbol again.

diff --git a/cc1/symbol.c b/cc1/symbol.c
index eedbc5f..466c8c9 100644
--- a/cc1/symbol.c
+++ b/cc1/symbol.c
_AT_@ -105,6 +105,23 @@ void
 popctx(void)
 {
         Symbol *next, *sym;
+ int dangling = 0;
+
+ /*
+ * we have to be careful before popping the current
+ * context, because since the parser is one token
+ * ahead it may already have read an identifier at
+ * this point, and yylval.sym is a pointer to
+ * the symbol associated to such token. If that
+ * symbol is from the context that we are popping
+ * then we are going to generate a dangling pointer.
+ * We can detect this situation and call again to
+ * lookup.
+ */
+ if ((yytoken == IDEN || yytoken == TYPEIDEN) &&
+ yylval.sym->ctx == curctx) {
+ dangling = 1;
+ }
 
         for (sym = head; sym && sym->ctx == curctx; sym = next) {
                 /*
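Review bot: The new `if` at the top of popctx() dereferences `yylval.sym->ctx` with only the `yytoken == IDEN || yytoken == TYPEIDEN` test in front of it, so it depends on the lexer always leaving a non-NULL, still-live Symbol in yylval.sym for those two token kinds. The comment explains why the check exists but not that invariant; either state it there or add `yylval.sym != NULL` to the condition so that a lookahead token set by some other path cannot turn this guard itself into a bad dereference. As a style point, the flag can be initialised directly from the condition rather than through a braced single-statement `if`.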
_AT_@ -117,18 +134,22 @@ popctx(void)
         }
         head = sym;
 
- if (--curctx != GLOBALCTX)
- return;
+ if (--curctx == GLOBALCTX) {
+ for (sym = labels; sym; sym = next) {
+ next = sym->next;
+ killsym(sym);
+ }
+ labels = NULL;
 
- for (sym = labels; sym; sym = next) {
- next = sym->next;
- killsym(sym);
+ if (curfun) {
+ free(curfun->u.pars);
+ curfun->u.pars = NULL;
+ }
         }
- labels = NULL;
 
- if (curfun) {
- free(curfun->u.pars);
- curfun->u.pars = NULL;
+ if (dangling) {
+ yylval.sym = lookup(namespace, yytext, ALLOC);
+ yytoken = yylval.sym->token;
         }
 }
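Review bot: In the final `if (dangling)` block, `lookup(namespace, yytext, ALLOC)` resolves the lookahead token with whatever `namespace` and `yytext` hold at the time popctx() runs, not what they held when the token was lexed. If any caller changes `namespace` between reading the lookahead and popping the context, the identifier will be looked up (and, because of ALLOC, possibly created) in the wrong namespace. Consider capturing the namespace next to the `dangling = 1` assignment and using that saved value here, or documenting that callers must not change it. The result is also dereferenced immediately in `yytoken = yylval.sym->token`, so a short comment noting that lookup() with ALLOC never returns NULL (if that is the case; it is not visible in this diff) would help. It is also worth saying in the comment that yytoken can legitimately change here, for example from TYPEIDEN to IDEN when the popped context held the typedef.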
 
Received on Fri Jan 20 2017 - 15:04:49 CET
