Module Name: src Committed By: rillig Date: Tue May 31 00:35:18 UTC 2022
Modified Files: src/tests/usr.bin/xlint/lint1: d_gcc_compound_statements1.c d_gcc_compound_statements1.exp msg_249.c msg_249.exp src/usr.bin/xlint/lint1: decl.c Log Message: lint: fix null pointer dereference after syntax error Found by afl, starting with the malformed input '/**/f=({;/**/};}' that no longer crashes. This input led to 'f=({L:;}', which is at least a syntactically valid prefix of a translation unit, containing a GCC statement expression with an unused label. The error message for this unused label assumed that it would always be inside a function definition. While here, document incomplete recovery after syntax errors, in msg_249.c. To generate a diff of this commit: cvs rdiff -u -r1.9 -r1.10 \ src/tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.c \ src/tests/usr.bin/xlint/lint1/msg_249.c cvs rdiff -u -r1.4 -r1.5 \ src/tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.exp cvs rdiff -u -r1.7 -r1.8 src/tests/usr.bin/xlint/lint1/msg_249.exp cvs rdiff -u -r1.282 -r1.283 src/usr.bin/xlint/lint1/decl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.c diff -u src/tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.c:1.9 src/tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.c:1.10 --- src/tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.c:1.9 Sun Apr 24 20:08:23 2022 +++ src/tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.c Tue May 31 00:35:18 2022 @@ -1,8 +1,21 @@ -/* $NetBSD: d_gcc_compound_statements1.c,v 1.9 2022/04/24 20:08:23 rillig Exp $ */ +/* $NetBSD: d_gcc_compound_statements1.c,v 1.10 2022/05/31 00:35:18 rillig Exp $ */ # 3 "d_gcc_compound_statements1.c" /* GCC compound statement with expression */ +/* + * Compound statements are only allowed in functions, not at file scope. + * + * Before decl.c 1.283 from 2022-05-21, lint crashed with a segmentation + * fault due to the unused label. + */ +int invalid_gcc_statement_expression = ({ +unused_label: + 3; +/* expect+2: error: syntax error 'labels are only valid inside a function' [249] */ +/* expect+1: error: cannot initialize 'int' from 'void' [185] */ +}); + void foo(unsigned long z) { z = ({ Index: src/tests/usr.bin/xlint/lint1/msg_249.c diff -u src/tests/usr.bin/xlint/lint1/msg_249.c:1.9 src/tests/usr.bin/xlint/lint1/msg_249.c:1.10 --- src/tests/usr.bin/xlint/lint1/msg_249.c:1.9 Sat Jan 15 23:21:34 2022 +++ src/tests/usr.bin/xlint/lint1/msg_249.c Tue May 31 00:35:18 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: msg_249.c,v 1.9 2022/01/15 23:21:34 rillig Exp $ */ +/* $NetBSD: msg_249.c,v 1.10 2022/05/31 00:35:18 rillig Exp $ */ # 3 "msg_249.c" // Test for message: syntax error '%s' [249] 
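Review bot: The comment added above `invalid_gcc_statement_expression` dates decl.c 1.283 to 2022-05-21, but the decl.c hunk of this same commit stamps revision 1.283 with 2022/05/31, matching the commit date. The line should read ` * Before decl.c 1.283 from 2022-05-31, lint crashed with a segmentation`, so that anyone bisecting the crash looks at the right revision. Because the case is placed before the first function definition, it appears to exercise only the state in which no function has been seen yet; a short comment saying the placement is deliberate would stop a later reordering from silently losing the regression coverage.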
@@ -58,3 +58,30 @@ struct cover_member_declaration {
 /* expect+1: error: syntax error 'member without type' [249] */
 const;
 };
+
+/*
+ * At this point, lint assumes that the following code is still in the
+ * function 'access_declaration_after_syntax_error'.
+ */
+
+int gcc_statement_expression_1 = ({
+/* expect+1: warning: label 'unused_label' unused in function 'access_declaration_after_syntax_error' [232] */
+unused_label:
+ 1;
+ 1;
+});
+/* expect-1: error: non-constant initializer [177] */
+
+/* Even another function definition does not help. */
+void
+try_to_recover(void)
+{
+}
+
+int gcc_statement_expression_2 = ({
+/* expect+1: warning: label 'unused_label' unused in function 'try_to_recover' [232] */
+unused_label:
+ 1;
+ 1;
+});
+/* expect-1: error: non-constant initializer [177] */
Index: src/tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.exp
diff -u src/tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.exp:1.4 src/tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.exp:1.5
--- src/tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.exp:1.4 Sun Apr 3 00:39:32 2022
+++ src/tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.exp Tue May 31 00:35:18 2022
@@ -1,4 +1,6 @@
-d_gcc_compound_statements1.c(24): error: syntax error 'return outside function' [249]
-d_gcc_compound_statements1.c(25): error: cannot initialize 'int' from 'void' [185]
-d_gcc_compound_statements1.c(37): error: type 'int' does not have member 'e' [101]
-d_gcc_compound_statements1.c(50): error: syntax error ';' [249]
+d_gcc_compound_statements1.c(17): error: syntax error 'labels are only valid inside a function' [249]
+d_gcc_compound_statements1.c(17): error: cannot initialize 'int' from 'void' [185]
+d_gcc_compound_statements1.c(37): error: syntax error 'return outside function' [249]
+d_gcc_compound_statements1.c(38): error: cannot initialize 'int' from 'void' [185]
+d_gcc_compound_statements1.c(50): error: type 'int' does not have member 'e' [101]
+d_gcc_compound_statements1.c(63): error: syntax error ';' [249]
Index: src/tests/usr.bin/xlint/lint1/msg_249.exp
diff -u src/tests/usr.bin/xlint/lint1/msg_249.exp:1.7 src/tests/usr.bin/xlint/lint1/msg_249.exp:1.8
--- src/tests/usr.bin/xlint/lint1/msg_249.exp:1.7 Sat Jan 15 23:21:34 2022
+++ src/tests/usr.bin/xlint/lint1/msg_249.exp Tue May 31 00:35:18 2022
@@ -3,3 +3,7 @@ msg_249.c(19): error: syntax error '"' [
 msg_249.c(33): warning: statement not reached [193]
 msg_249.c(34): error: syntax error ')' [249]
 msg_249.c(59): error: syntax error 'member without type' [249]
+msg_249.c(69): warning: label 'unused_label' unused in function 'access_declaration_after_syntax_error' [232]
+msg_249.c(72): error: non-constant initializer [177]
+msg_249.c(83): warning: label 'unused_label' unused in function 'try_to_recover' [232]
+msg_249.c(86): error: non-constant initializer [177]
Index: src/usr.bin/xlint/lint1/decl.c
diff -u src/usr.bin/xlint/lint1/decl.c:1.282 src/usr.bin/xlint/lint1/decl.c:1.283
--- src/usr.bin/xlint/lint1/decl.c:1.282 Thu May 26 13:40:49 2022
+++ src/usr.bin/xlint/lint1/decl.c Tue May 31 00:35:18 2022
@@ -1,4 +1,4 @@ -/* $NetBSD: decl.c,v 1.282 2022/05/26 13:40:49 rillig Exp $ */ +/* $NetBSD: decl.c,v 1.283 2022/05/31 00:35:18 rillig Exp $ */ /* * Copyright (c) 1996 Christopher G. Demetriou. All Rights Reserved. @@ -38,7 +38,7 @@ #include <sys/cdefs.h> #if defined(__RCSID) -__RCSID("$NetBSD: decl.c,v 1.282 2022/05/26 13:40:49 rillig Exp $"); +__RCSID("$NetBSD: decl.c,v 1.283 2022/05/31 00:35:18 rillig Exp $"); #endif #include <sys/param.h> @@ -3174,7 +3174,10 @@ check_label_usage(sym_t *lab) lint_assert(block_level == 1); lint_assert(lab->s_block_level == 1); - if (lab->s_set && !lab->s_used) { + if (funcsym == NULL) { + /* syntax error '%s' */ + error(249, "labels are only valid inside a function"); + } else if (lab->s_set && !lab->s_used) { /* label '%s' unused in function '%s' */ warning_at(232, &lab->s_set_pos, lab->s_name, funcsym->s_name); } else if (!lab->s_set) {
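Review bot: The new `funcsym == NULL` guard in check_label_usage only covers a file-scope label seen before the first function definition. Once any function has been parsed, `funcsym` apparently stays non-NULL, so a label outside a function still reaches `funcsym->s_name` and is attributed to the previous function, as the msg_249.c expectations in this commit show ("unused in function 'try_to_recover'"). Clearing `funcsym` where a function definition ends (outside this hunk) would make the guard fire for every file-scope label and leave no stale symbol for later code to read. Separately, `error(249, ...)` reports at the current parse position (the closing `});` in the new test), whereas the sibling branch passes `&lab->s_set_pos`; when `lab->s_set` holds, consider `error_at(249, &lab->s_set_pos, "labels are only valid inside a function");`. The function begins and ends outside the hunk, so the remaining branches were not reviewed.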