Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/usr.bin/xlint/lint1 lint: guard against segmentation fault w...



details:   https://anonhg.NetBSD.org/src/rev/72c8db1a3467
branches:  trunk
changeset: 1022086:72c8db1a3467
user:      rillig <rillig%NetBSD.org@localhost>
date:      Sat Jul 03 21:18:40 2021 +0000

description:
lint: guard against segmentation fault when parsing struct

Found by afl.  The code that triggers this case is:

        struct{const}

diffstat:

 usr.bin/xlint/lint1/cgram.y |  5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diffs (27 lines):

diff -r a023f6305f66 -r 72c8db1a3467 usr.bin/xlint/lint1/cgram.y
--- a/usr.bin/xlint/lint1/cgram.y       Sat Jul 03 20:54:08 2021 +0000
+++ b/usr.bin/xlint/lint1/cgram.y       Sat Jul 03 21:18:40 2021 +0000
@@ -1,5 +1,5 @@
 %{
-/* $NetBSD: cgram.y,v 1.248 2021/06/29 05:41:45 rillig Exp $ */
+/* $NetBSD: cgram.y,v 1.249 2021/07/03 21:18:40 rillig Exp $ */
 
 /*
  * Copyright (c) 1996 Christopher G. Demetriou.  All Rights Reserved.
@@ -35,7 +35,7 @@
 
 #include <sys/cdefs.h>
 #if defined(__RCSID) && !defined(lint)
-__RCSID("$NetBSD: cgram.y,v 1.248 2021/06/29 05:41:45 rillig Exp $");
+__RCSID("$NetBSD: cgram.y,v 1.249 2021/07/03 21:18:40 rillig Exp $");
 #endif
 
 #include <limits.h>
@@ -832,6 +832,7 @@
                        /* anonymous struct/union members is a C9X feature */
                        warning(49);
                /* add all the members of the anonymous struct/union */
+               lint_assert(is_struct_or_union(dcs->d_type->t_tspec));
                $$ = dcs->d_type->t_str->sou_first_member;
                anonymize($$);
          }



Home | Main Index | Thread Index | Old Index