guy@sun.uucp (Guy Harris) (08/10/85)
Index: usr.bin/lex/lmain.c usr.bin/lex/sub1.c 4.2BSD (The same bug exists in the S5 "lex" and probably exists in the V7 "lex" as well). Description: 1) A couple of bits of code here are really sloppy when it comes to pointers vs. integers. 2) Some other bits of code are sloppy when it comes to - surprise! - dereferencing NULL pointers. Repeat-By: Try "lex -Q anything.l" if your machine dumps core when dereferencing null pointers. Fix: See following context diffs. Line numbers and exact code will be different for S3/S5/V7. diff -c /arch/4.2/usr/src/usr.bin/lex/lmain.c ./lmain.c *** /arch/4.2/usr/src/usr.bin/lex/lmain.c Thu Aug 11 20:51:24 1983 --- ./lmain.c Tue Aug 6 11:43:35 1985 *************** *** 129,135 dp = dchar = myalloc(DEFCHAR,sizeof(*dchar)); sname = myalloc(STARTSIZE,sizeof(*sname)); sp = schar = myalloc(STARTCHAR,sizeof(*schar)); ! if(ccl == 0 || def == 0 || subs == 0 || dchar == 0 || sname == 0 || schar == 0) error("Too little core to begin"); } free1core(){ --- 129,135 ----- dp = dchar = myalloc(DEFCHAR,sizeof(*dchar)); sname = myalloc(STARTSIZE,sizeof(*sname)); sp = schar = myalloc(STARTCHAR,sizeof(*schar)); ! if(ccl == 0 || pchar == 0 || def == 0 || subs == 0 || dchar == 0 || sname == 0 || schar == 0) error("Too little core to begin"); } free1core(){ *************** *** 193,199 # endif char *myalloc(a,b) int a,b; { ! register int i; i = calloc(a, b); if(i==0) warning("OOPS - calloc returns a 0"); --- 193,199 ----- # endif char *myalloc(a,b) int a,b; { ! 
register char *i; i = calloc(a, b); # ifdef DEBUG if(i==0) *************** *** 195,200 int a,b; { register int i; i = calloc(a, b); if(i==0) warning("OOPS - calloc returns a 0"); else if(i == -1){ --- 195,201 ----- int a,b; { register char *i; i = calloc(a, b); + # ifdef DEBUG if(i==0) warning("OOPS - calloc returns a 0"); # endif *************** *** 197,205 i = calloc(a, b); if(i==0) warning("OOPS - calloc returns a 0"); - else if(i == -1){ - # ifdef DEBUG - warning("calloc returns a -1"); # endif return(0); } --- 198,203 ----- # ifdef DEBUG if(i==0) warning("OOPS - calloc returns a 0"); # endif return(i); } *************** *** 201,208 # ifdef DEBUG warning("calloc returns a -1"); # endif - return(0); - } return(i); } # ifdef DEBUG --- 199,204 ----- if(i==0) warning("OOPS - calloc returns a 0"); # endif return(i); } # ifdef DEBUG *************** *** 208,214 # ifdef DEBUG buserr(){ fflush(errorf); ! fflush(fout); fflush(stdout); fprintf(errorf,"Bus error\n"); if(report == 1)statistics(); --- 204,211 ----- # ifdef DEBUG buserr(){ fflush(errorf); ! if(fout != NULL) ! fflush(fout); fflush(stdout); fprintf(errorf,"Bus error\n"); if(report == 1)statistics(); *************** *** 216,222 } segviol(){ fflush(errorf); ! fflush(fout); fflush(stdout); fprintf(errorf,"Segmentation violation\n"); if(report == 1)statistics(); --- 213,220 ----- } segviol(){ fflush(errorf); ! if(fout != NULL) ! fflush(fout); fflush(stdout); fprintf(errorf,"Segmentation violation\n"); if(report == 1)statistics(); diff -c /arch/4.2/usr/src/usr.bin/lex/sub1.c ./sub1.c *** /arch/4.2/usr/src/usr.bin/lex/sub1.c Thu Aug 11 20:51:25 1983 --- ./sub1.c Tue Aug 6 11:35:17 1985 *************** *** 62,68 fprintf(errorf,s,p,d); putc('\n',errorf); fflush(errorf); ! fflush(fout); fflush(stdout); } index(a,s) --- 62,69 ----- fprintf(errorf,s,p,d); putc('\n',errorf); fflush(errorf); ! if(fout != NULL) ! fflush(fout); fflush(stdout); } index(a,s)
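Review bot: The assignment `i = calloc(a, b);` into the newly typed `register char *i;` is only as correct as the declaration of calloc() that lmain.c sees, and that declaration lies above the hunk; if it is missing, the compiler assumes an `int` return and converts it to a pointer, which the old `register int i;` quietly masked and which truncates on any machine where pointers are wider than int. Confirm an `extern char *calloc();` (or the header that supplies one) precedes myalloc(), and add a short contract comment above the function, e.g. `/* returns whatever calloc() returns: 0 on failure; every caller tests for 0 */`, since the dropped `-1` branch was the only place that recorded the old assumption about calloc()'s failure value. The same applies to the 4.3BSD version of these hunks (194,199 through 198,203) in the second posting, where the `(char *)-1` comparison is dropped in the same way. myalloc()'s closing brace falls in the overlapping 201,208 hunk, so the function is spread across four hunks here.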
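Review bot: Only `fout` gains the NULL guard; `fflush(errorf)` and `fprintf(errorf, ...)` two lines away in buserr() and segviol() stay unconditional, and whether `errorf` can still be unset when one of these handlers runs is not visible here, so confirm it is assigned (presumably to stderr) before the handlers are installed. If it always is, a one-line comment such as `/* errorf is open from startup; fout is not until the output file is created */` would explain the asymmetry to the next reader. The identical guard is added a third time in the sub1.c 62,68 hunk (the enclosing error-printing function there starts outside the hunk); a single `static` helper, say `flushall()`, called from all three would keep them in step if another stream is ever added. These three hunks recur unchanged in the 4.3BSD posting below (lmain.c 207,213 and 215,221, sub1.c 62,68).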
guy@sun.uucp (Guy Harris) (07/31/86)
Index: usr.bin/lex/lmain.c usr.bin/lex/sub1.c usr.bin/lex/parser.y 4.3BSD Description: 1) A couple of bits of code here are really sloppy when it comes to pointers vs. integers. 2) Some other bits of code are sloppy when it comes to - surprise! - dereferencing NULL pointers. Repeat-By: Try "lex -Q anything.l", or "lex </dev/null" (if "lex" isn't given a source file, it reads from standard input) if your machine dumps core when dereferencing null pointers. Fix: See following context diffs. (Yes, I know it says "4.3beta". "lex" hasn't changed since then.) *** /archwizard/4.3beta/usr/src/usr.bin/lex/lmain.c Thu Feb 21 13:35:28 1985 --- ./lmain.c Thu Jan 2 14:02:45 1986 *************** *** 128,134 dp = dchar = myalloc(DEFCHAR,sizeof(*dchar)); sname = (char **) myalloc(STARTSIZE,sizeof(*sname)); sp = schar = myalloc(STARTCHAR,sizeof(*schar)); ! if(ccl == 0 || def == 0 || subs == 0 || dchar == 0 || sname == 0 || schar == 0) error("Too little core to begin"); } free1core(){ --- 128,134 ----- dp = dchar = myalloc(DEFCHAR,sizeof(*dchar)); sname = (char **) myalloc(STARTSIZE,sizeof(*sname)); sp = schar = myalloc(STARTCHAR,sizeof(*schar)); ! 
if(ccl == 0 || pchar == 0 || def == 0 || subs == 0 || dchar == 0 || sname == 0 || schar == 0) error("Too little core to begin"); } free1core(){ *************** *** 194,199 int a,b; { register char *i; i = calloc(a, b); if(i==0) warning("OOPS - calloc returns a 0"); else if(i == (char *)-1){ --- 194,200 ----- int a,b; { register char *i; i = calloc(a, b); + # ifdef DEBUG if(i==0) warning("OOPS - calloc returns a 0"); # endif *************** *** 196,204 i = calloc(a, b); if(i==0) warning("OOPS - calloc returns a 0"); - else if(i == (char *)-1){ - # ifdef DEBUG - warning("calloc returns a -1"); # endif return(0); } --- 197,202 ----- # ifdef DEBUG if(i==0) warning("OOPS - calloc returns a 0"); # endif return(i); } *************** *** 200,207 # ifdef DEBUG warning("calloc returns a -1"); # endif - return(0); - } return(i); } # ifdef DEBUG --- 198,203 ----- if(i==0) warning("OOPS - calloc returns a 0"); # endif return(i); } # ifdef DEBUG *************** *** 207,213 # ifdef DEBUG buserr(){ fflush(errorf); ! fflush(fout); fflush(stdout); fprintf(errorf,"Bus error\n"); if(report == 1)statistics(); --- 203,210 ----- # ifdef DEBUG buserr(){ fflush(errorf); ! if(fout != NULL) ! fflush(fout); fflush(stdout); fprintf(errorf,"Bus error\n"); if(report == 1)statistics(); *************** *** 215,221 } segviol(){ fflush(errorf); ! fflush(fout); fflush(stdout); fprintf(errorf,"Segmentation violation\n"); if(report == 1)statistics(); --- 212,219 ----- } segviol(){ fflush(errorf); ! if(fout != NULL) ! fflush(fout); fflush(stdout); fprintf(errorf,"Segmentation violation\n"); if(report == 1)statistics(); *** /archwizard/4.3beta/usr/src/usr.bin/lex/sub1.c Thu Feb 21 13:34:53 1985 --- ./sub1.c Thu Jan 2 14:05:09 1986 *************** *** 62,68 fprintf(errorf,s,p,d); putc('\n',errorf); fflush(errorf); ! fflush(fout); fflush(stdout); } index(a,s) --- 62,69 ----- fprintf(errorf,s,p,d); putc('\n',errorf); fflush(errorf); ! if(fout != NULL) ! 
fflush(fout); fflush(stdout); } index(a,s) *** /archwizard/4.3beta/usr/src/usr.bin/lex/parser.y Mon Jan 13 15:33:13 1986 --- ./parser.y Mon Jan 13 15:19:36 1986 *************** *** 216,222 yylex(){ register char *p; register int c, i; ! char *t, *xp; int n, j, k, x; static int sectbegin; static char token[TOKENSIZE]; --- 216,223 ----- yylex(){ register char *p; register int c, i; ! char *t; ! register char *xp; int n, j, k, x; static int sectbegin; static char token[TOKENSIZE]; *************** *** 241,248 sectbegin = TRUE; i = treesize*(sizeof(*name)+sizeof(*left)+ sizeof(*right)+sizeof(*nullstr)+sizeof(*parent))+ALITTLEEXTRA; ! c = myalloc(i,1); ! if(c == 0) error("Too little core for parse tree"); p = c; cfree(p,i,1); --- 242,249 ----- sectbegin = TRUE; i = treesize*(sizeof(*name)+sizeof(*left)+ sizeof(*right)+sizeof(*nullstr)+sizeof(*parent))+ALITTLEEXTRA; ! xp = myalloc(i,1); ! if(xp == 0) error("Too little core for parse tree"); cfree((char *)xp,i,1); name = (int *)myalloc(treesize,sizeof(*name)); *************** *** 244,254 c = myalloc(i,1); if(c == 0) error("Too little core for parse tree"); ! p = c; ! cfree(p,i,1); ! name = myalloc(treesize,sizeof(*name)); ! left = myalloc(treesize,sizeof(*left)); ! right = myalloc(treesize,sizeof(*right)); nullstr = myalloc(treesize,sizeof(*nullstr)); parent = myalloc(treesize,sizeof(*parent)); if(name == 0 || left == 0 || right == 0 || parent == 0 || nullstr == 0) --- 245,254 ----- xp = myalloc(i,1); if(xp == 0) error("Too little core for parse tree"); ! cfree((char *)xp,i,1); ! name = (int *)myalloc(treesize,sizeof(*name)); ! left = (int *)myalloc(treesize,sizeof(*left)); ! 
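Review bot: The cast in `cfree((char *)xp,i,1);` is redundant now that `xp` is `register char *xp;` (216,222 hunk) and myalloc() returns `char *`; `cfree(xp,i,1);` says the same thing and lets the compiler check it, whereas the `(int *)` casts on `name`, `left`, `right` and `parent` in the 244,254 and 250,256 hunks are the ones that carry information (their absence on `nullstr` suggests it is a `char *`, which is fine if so). The allocate-check-free sequence on `xp` appears to be a probe that the whole parse tree will fit before the five tables are carved out separately; a comment above it, e.g. `/* probe: fail early if the whole tree will not fit */`, would save the next reader that deduction. Note also that `i` is an `int` product of `treesize` and several sizeof()s and is passed to myalloc()'s `int` parameters, so a very large `treesize` would overflow before the probe runs; that is pre-existing rather than introduced here. yylex() begins and ends outside these hunks.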
right = (int *)myalloc(treesize,sizeof(*right)); nullstr = myalloc(treesize,sizeof(*nullstr)); parent = (int *)myalloc(treesize,sizeof(*parent)); if(name == 0 || left == 0 || right == 0 || parent == 0 || nullstr == 0) *************** *** 250,256 left = myalloc(treesize,sizeof(*left)); right = myalloc(treesize,sizeof(*right)); nullstr = myalloc(treesize,sizeof(*nullstr)); ! parent = myalloc(treesize,sizeof(*parent)); if(name == 0 || left == 0 || right == 0 || parent == 0 || nullstr == 0) error("Too little core for parse tree"); return(freturn(DELIM)); --- 250,256 ----- left = (int *)myalloc(treesize,sizeof(*left)); right = (int *)myalloc(treesize,sizeof(*right)); nullstr = myalloc(treesize,sizeof(*nullstr)); ! parent = (int *)myalloc(treesize,sizeof(*parent)); if(name == 0 || left == 0 || right == 0 || parent == 0 || nullstr == 0) error("Too little core for parse tree"); return(freturn(DELIM)); *************** *** 294,300 case 'k': case 'K': /* overriden packed char classes */ while (*p && !digit(*p))p++; if (report==2) report=1; ! cfree(pchar, pchlen, sizeof(*pchar)); pchlen = siconv(p); # ifdef DEBUG if (debug) printf( "Size classes (%%k) now %d\n",pchlen); --- 294,300 ----- case 'k': case 'K': /* overriden packed char classes */ while (*p && !digit(*p))p++; if (report==2) report=1; ! cfree((char *)pchar, pchlen, sizeof(*pchar)); pchlen = siconv(p); # ifdef DEBUG if (debug) printf( "Size classes (%%k) now %d\n",pchlen); *************** *** 419,424 /* end of section one processing */ } else if(sect == RULESECTION){ /* rules and actions */ while(!eof){ switch(c=gch()){ case '\0': --- 419,430 ----- /* end of section one processing */ } else if(sect == RULESECTION){ /* rules and actions */ + /* + * If it is required that one of the items given above + * which causes a call to "lgate" must have been called + * by now, this should be an error instead. 
+ */ + lgate(); while(!eof){ switch(c=gch()){ case '\0': *************** *** 678,683 } } /* section three */ ptail(); # ifdef DEBUG if(debug) --- 684,696 ----- } } /* section three */ + /* + * If it is required that one of the items given above + * which causes a call to "lgate" must have been called + * by now, this should be an error instead. (If it hasn't + * been done by now, do we have a null "lex" program?) + */ + lgate(); ptail(); # ifdef DEBUG if(debug) -- Guy Harris {ihnp4, decvax, seismo, decwrl, ...}!sun!guy guy@sun.com (or guy@sun.arpa)
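Review bot: The new unconditional `lgate();` before the rule-section loop (and again before `ptail()` in the 678,683 hunk) depends on lgate() being safe to call more than once, since the accompanying comment says an earlier directive may already have called it; lgate()'s body is not in the diff, so confirm it returns early on a repeat call rather than reopening the output file. If, as the `fout != NULL` guards in the lmain.c and sub1.c hunks suggest, lgate() is what opens `fout`, the intent could be made explicit at both call sites with `if (fout == NULL) lgate();`, or the comment could state outright that a repeated call is a no-op. The second comment's parenthetical about a null "lex" program reads as an open question; if that case is meant to be diagnosed, an error call next to the `lgate();` would be the place, otherwise rewording it as a statement such as `/* no directive opened the output yet: open it now */` closes the question.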