Module Name: src
Committed By: rillig
Date: Sat Jul 15 13:51:36 UTC 2023
Modified Files:
src/tests/usr.bin/xlint/lint1: gcc_statement_expression.c
src/usr.bin/xlint/lint1: Makefile cgram.y externs1.h tree.c
Log Message:
lint: fix use-after-free bug in GCC statement expressions
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 \
src/tests/usr.bin/xlint/lint1/gcc_statement_expression.c
cvs rdiff -u -r1.98 -r1.99 src/usr.bin/xlint/lint1/Makefile
cvs rdiff -u -r1.463 -r1.464 src/usr.bin/xlint/lint1/cgram.y
cvs rdiff -u -r1.196 -r1.197 src/usr.bin/xlint/lint1/externs1.h
cvs rdiff -u -r1.568 -r1.569 src/usr.bin/xlint/lint1/tree.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/tests/usr.bin/xlint/lint1/gcc_statement_expression.c
diff -u src/tests/usr.bin/xlint/lint1/gcc_statement_expression.c:1.1 src/tests/usr.bin/xlint/lint1/gcc_statement_expression.c:1.2
--- src/tests/usr.bin/xlint/lint1/gcc_statement_expression.c:1.1 Sat Jul 15 12:24:57 2023
+++ src/tests/usr.bin/xlint/lint1/gcc_statement_expression.c Sat Jul 15 13:51:36 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: gcc_statement_expression.c,v 1.1 2023/07/15 12:24:57 rillig Exp $ */
+/* $NetBSD: gcc_statement_expression.c,v 1.2 2023/07/15 13:51:36 rillig Exp $ */
# 3 "gcc_statement_expression.c"
/*
@@ -19,9 +19,14 @@ use_inner_type_from_outside(void)
int member;
} inner;
} outer = { { 3 } };
- // TODO: Move the '.inner.member' out of the statement
- // expression, without a use-after-free crash.
- outer.inner.member;
- });
+ outer;
+ }).inner.member;
+ /* expect-1: error: type 'struct outer' does not have member 'inner' [101] */
+ /* expect-2: error: type 'int' does not have member 'member' [101] */
+ /*
+ * FIXME: The above types must not be removed from the symbol table
+ * yet; at least, their member names must still be known.
+ */
+
return x;
}
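Review bot: A use-after-free does not reliably crash, so in an ordinary build this test passing says little about whether the `.inner.member` access after `})` still reads freed block memory. The new FIXME could name the build expected to catch a regression, presumably the `DEBUG_MEM` knob added in the Makefile hunk, e.g. `/* Build lint1 with DEBUG_MEM to detect access to freed block memory. */`. What `DEBUG_MEM` enables is not visible on this page, so confirm the wording. The two `expect` lines pin error 101 as the expected output, so the FIXME should also say outright that they are known false positives rather than intended diagnostics.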
Index: src/usr.bin/xlint/lint1/Makefile
diff -u src/usr.bin/xlint/lint1/Makefile:1.98 src/usr.bin/xlint/lint1/Makefile:1.99
--- src/usr.bin/xlint/lint1/Makefile:1.98 Tue Jul 11 17:33:45 2023
+++ src/usr.bin/xlint/lint1/Makefile Sat Jul 15 13:51:36 2023
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.98 2023/07/11 17:33:45 rillig Exp $
+# $NetBSD: Makefile,v 1.99 2023/07/15 13:51:36 rillig Exp $
.include <bsd.own.mk>
@@ -27,6 +27,7 @@ LINTFLAGS.scan.c+= -X 351 # 'extern' de
CPPFLAGS+= -DIS_LINT1
CPPFLAGS+= -I${.CURDIR} -I${.OBJDIR}
CPPFLAGS+= ${DEBUG:D-DDEBUG -DYYDEBUG}
+CPPFLAGS+= ${DEBUG_MEM:D-DDEBUG_MEM}
COPTS.err.c+= ${${ACTIVE_CC} == "clang":? -Wno-format-nonliteral :}
Index: src/usr.bin/xlint/lint1/cgram.y
diff -u src/usr.bin/xlint/lint1/cgram.y:1.463 src/usr.bin/xlint/lint1/cgram.y:1.464
--- src/usr.bin/xlint/lint1/cgram.y:1.463 Sat Jul 15 13:35:24 2023
+++ src/usr.bin/xlint/lint1/cgram.y Sat Jul 15 13:51:36 2023
@@ -1,5 +1,5 @@
%{
-/* $NetBSD: cgram.y,v 1.463 2023/07/15 13:35:24 rillig Exp $ */
+/* $NetBSD: cgram.y,v 1.464 2023/07/15 13:51:36 rillig Exp $ */
/*
* Copyright (c) 1996 Christopher G. Demetriou. All Rights Reserved.
@@ -35,7 +35,7 @@
#include <sys/cdefs.h>
#if defined(__RCSID)
-__RCSID("$NetBSD: cgram.y,v 1.463 2023/07/15 13:35:24 rillig Exp $");
+__RCSID("$NetBSD: cgram.y,v 1.464 2023/07/15 13:51:36 rillig Exp $");
#endif
#include <limits.h>
@@ -1791,7 +1791,8 @@ compound_statement_lbrace:
compound_statement_rbrace:
T_RBRACE {
end_declaration_level();
- level_free_all(mem_block_level);
+ if (!in_statement_expr())
+ level_free_all(mem_block_level); /* leak */
mem_block_level--;
debug_step("%s: mem_block_level = %zu",
"compound_statement_rbrace", mem_block_level);
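Review bot: The `/* leak */` comment sits on the `level_free_all` call, but the leak is the path where that call is skipped, and nothing in the hunk says why the memory must survive or when it is released. `in_statement_expr()` (added in tree.c) only tests `stmt_exprs != NULL`, so the guard appears to skip the free for every compound statement nested anywhere inside a statement expression, not just at the statement expression's own closing brace; if that is intended, it should be stated. A comment before the `if` would carry the reasoning, for example `/* The value of a statement expression may refer to objects allocated in its block, so keep that memory; it is not freed here. */`, adjusted if the memory is reclaimed elsewhere. `end_declaration_level()` is still called unconditionally, which matches the FIXME in the test about member names no longer being known. The rule's action continues past the end of this hunk.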
Index: src/usr.bin/xlint/lint1/externs1.h
diff -u src/usr.bin/xlint/lint1/externs1.h:1.196 src/usr.bin/xlint/lint1/externs1.h:1.197
--- src/usr.bin/xlint/lint1/externs1.h:1.196 Sat Jul 15 13:35:24 2023
+++ src/usr.bin/xlint/lint1/externs1.h Sat Jul 15 13:51:36 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: externs1.h,v 1.196 2023/07/15 13:35:24 rillig Exp $ */
+/* $NetBSD: externs1.h,v 1.197 2023/07/15 13:51:36 rillig Exp $ */
/*
* Copyright (c) 1994, 1995 Jochen Pohl
@@ -299,6 +299,7 @@ sym_t *find_member(const type_t *, const
void begin_statement_expr(void);
void do_statement_expr(tnode_t *);
tnode_t *end_statement_expr(void);
+bool in_statement_expr(void);
/*
* func.c
Index: src/usr.bin/xlint/lint1/tree.c
diff -u src/usr.bin/xlint/lint1/tree.c:1.568 src/usr.bin/xlint/lint1/tree.c:1.569
--- src/usr.bin/xlint/lint1/tree.c:1.568 Sat Jul 15 13:35:24 2023
+++ src/usr.bin/xlint/lint1/tree.c Sat Jul 15 13:51:36 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: tree.c,v 1.568 2023/07/15 13:35:24 rillig Exp $ */
+/* $NetBSD: tree.c,v 1.569 2023/07/15 13:51:36 rillig Exp $ */
/*
* Copyright (c) 1994, 1995 Jochen Pohl
@@ -37,7 +37,7 @@
#include <sys/cdefs.h>
#if defined(__RCSID)
-__RCSID("$NetBSD: tree.c,v 1.568 2023/07/15 13:35:24 rillig Exp $");
+__RCSID("$NetBSD: tree.c,v 1.569 2023/07/15 13:51:36 rillig Exp $");
#endif
#include <float.h>
@@ -4839,3 +4839,9 @@ end:
debug_leave();
return tn;
}
+
+bool
+in_statement_expr(void)
+{
+ return stmt_exprs != NULL;
+}
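Review bot: `in_statement_expr` has no comment, and its name suggests "directly inside a statement expression" while the body only tests `stmt_exprs != NULL` (declared outside this hunk). Its only caller visible on this page uses it to decide whether block memory may be freed, so the exact contract matters for memory safety. A line above the function such as `/* Whether any GCC statement expression is currently being parsed, at any nesting depth. */` would pin it down, assuming `stmt_exprs` is the stack maintained by `begin_statement_expr` and `end_statement_expr`.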