Re: Null-Dereference bug in hash.c
From: Akim Demaille
Subject: Re: Null-Dereference bug in hash.c
Date: Sun, 1 Sep 2019 17:53:58 +0200
Hi!
> On 24 Aug 2019, at 09:09, 江 祖铭 <address@hidden> wrote:
>
> The maintainers of bison:
>
> Hello. I am Zu-Ming Jiang, a master's student at Tsinghua University.
>
> I find a null dereference bug in hash.c.
>
> Describe the bug:
> the calloc() in the call stack shown below may fail:
> #1 Call calloc() in hash_initialize(), at hash.c: 626
> #2 Call hash_initialize() in symbols_new(), at symtab.c: 781
> #3 Call symbols_new() in reader(), at reader.c: 714
> #4 Call reader() in main(), at main.c: 104
>
> If the calloc() in this call stack fails, it will make the global variable
> semantic_type_table become NULL.
Thanks for the report! Fortunately it is quite unlikely to be
triggered, but it's a genuine bug! What do you think about this
fix?
Cheers!
commit 989a7aa865f36b0c11704783d297da49d2f5af70
Author: Akim Demaille <address@hidden>
Date:   Sat Aug 31 18:07:26 2019 -0500

    check for memory exhaustion

    hash_initialize returns NULL when out of memory.  Check for it, and
    die cleanly instead of crashing.

    Reported by 江 祖铭 (Zu-Ming Jiang).
    https://lists.gnu.org/archive/html/bug-bison/2019-08/msg00015.html

    * src/muscle-tab.c, src/state.c, src/symtab.c, src/uniqstr.c:
    Check the value returned by hash_initialize.

diff --git a/THANKS b/THANKS
index e40fc001..a0e3af66 100644
--- a/THANKS
+++ b/THANKS
@@ -199,6 +199,7 @@ Wwp address@hidden
xolodho address@hidden
Zack Weinberg address@hidden
長田偉伸 address@hidden
+江 祖铭 address@hidden
Many people are not named here because we lost track of them. We
thank them! Please, help us keeping this list up to date.
diff --git a/src/muscle-tab.c b/src/muscle-tab.c
index fbb80fc2..d3e358e6 100644
--- a/src/muscle-tab.c
+++ b/src/muscle-tab.c
@@ -128,6 +128,8 @@ muscle_init (void)
muscle_table = hash_initialize (HT_INITIAL_CAPACITY, NULL, hash_muscle,
hash_compare_muscles, muscle_entry_free);
+ if (!muscle_table)
+ xalloc_die ();
/* Version and input file. */
MUSCLE_INSERT_STRING ("version", VERSION);
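Review bot: the NULL test added after hash_initialize in muscle_init is the same two lines this patch also adds in state_hash_new, symbols_new (twice) and uniqstrs_new, so a later call site can still forget it. Consider a single checked wrapper that calls hash_initialize and calls xalloc_die on NULL, and use it at all five sites.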
diff --git a/src/state.c b/src/state.c
index 87fbb1c6..64bb256c 100644
--- a/src/state.c
+++ b/src/state.c
@@ -364,6 +364,8 @@ state_hash_new (void)
state_hasher,
state_comparator,
NULL);
+ if (!state_table)
+ xalloc_die ();
}
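Review bot: xalloc_die is called in state_hash_new, but no hunk in this patch adds an #include, so its declaration has to come from a header these files already pull in. Worth confirming that this holds for muscle-tab.c, state.c, symtab.c and uniqstr.c, so that none of them builds against an implicit declaration.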
diff --git a/src/symtab.c b/src/symtab.c
index 83e8256b..60733e72 100644
--- a/src/symtab.c
+++ b/src/symtab.c
@@ -778,11 +778,15 @@ symbols_new (void)
hash_symbol_hasher,
hash_symbol_comparator,
symbol_free);
+ if (!symbol_table)
+ xalloc_die ();
semantic_type_table = hash_initialize (HT_INITIAL_CAPACITY,
NULL,
hash_semantic_type_hasher,
hash_semantic_type_comparator,
free);
+ if (!semantic_type_table)
+ xalloc_die ();
}
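Review bot: no test accompanies the two checks in symbols_new, although the semantic_type_table check is the one that closes the path given in the report. A test that runs bison under a tight memory limit and expects a clean diagnostic instead of a crash would keep the failure path covered.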
diff --git a/src/uniqstr.c b/src/uniqstr.c
index f654d55e..d5c66846 100644
--- a/src/uniqstr.c
+++ b/src/uniqstr.c
@@ -162,6 +162,8 @@ uniqstrs_new (void)
hash_uniqstr,
hash_compare_uniqstr,
free);
+ if (!uniqstrs_table)
+ xalloc_die ();
}
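The failure path from the report and the check the commit adds, as an added example that is not part of the original message or of Bison's source. `struct table`, `table_initialize`, `table_xinitialize`, `inject_calloc` and `die_hook` are hypothetical names, and the allocation failure is injected; the repeated NULL test is folded into one checked wrapper.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical miniature table, standing in for gnulib's Hash_table. */
struct table { size_t n_buckets; void **buckets; };

/* Constructed failure injection: allocation number fail_at (1-based) fails; 0 = none. */
static int fail_at, alloc_count, die_calls;
static void *inject_calloc(size_t n, size_t size) {
  return ++alloc_count == fail_at ? NULL : calloc(n, size);
}

/* Contract the commit message gives for hash_initialize: NULL when out of memory. */
struct table *table_initialize(size_t n_buckets) {
  struct table *t = inject_calloc(1, sizeof *t);
  if (!t) return NULL;
  t->buckets = inject_calloc(n_buckets, sizeof *t->buckets);
  if (!t->buckets) { free(t); return NULL; }  /* free the header, report NULL */
  t->n_buckets = n_buckets;
  return t;
}

/* Replaceable fatal handler so the failure path can be exercised;
   the default prints and exits, standing in for xalloc_die. */
static void die_exit(void) { fputs("memory exhausted\n", stderr); exit(EXIT_FAILURE); }
static void die_count(void) { die_calls++; }
static void (*die_hook)(void) = die_exit;

/* Checked wrapper: the one place that performs the "if (!table) die" test. */
struct table *table_xinitialize(size_t n_buckets) {
  struct table *t = table_initialize(n_buckets);
  if (!t) die_hook();
  return t;
}

/* Initialize once with allocation number failing_alloc forced to fail;
   returns how many times the fatal handler ran. */
int handler_fired(int failing_alloc) {
  fail_at = failing_alloc; alloc_count = 0; die_calls = 0;
  die_hook = die_count;
  struct table *t = table_xinitialize(16);
  if (t) { free(t->buckets); free(t); }
  die_hook = die_exit;
  return die_calls;
}

int main(void) {
  printf("%d %d %d\n", handler_fired(0), handler_fired(1), handler_fired(2));
  return 0;
}
```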