Hi!

> On 24 August 2019 at 09:09, 江 祖铭 <jjzum...@outlook.com> wrote:
>
> The maintainers of bison:
>
> Hello. I am Zu-Ming Jiang, a master's student at Tsinghua University.
>
> I found a null dereference bug in hash.c.
>
> Describe the bug:
> the calloc() in the call stack shown below may fail:
> #1 Call calloc() in hash_initialize(), at hash.c: 626
> #2 Call hash_initialize() in symbols_new(), at symtab.c: 781
> #3 Call symbols_new() in reader(), at reader.c: 714
> #4 Call reader() in main(), at main.c: 104
>
> If the calloc() in this call stack fails, it will make the global variable
> semantic_type_table become NULL.
Thanks for the report! Fortunately it is quite unlikely to be triggered, but it's a genuine bug! What do you think about this fix? Cheers! commit 989a7aa865f36b0c11704783d297da49d2f5af70 Author: Akim Demaille <akim.demai...@gmail.com> Date: Sat Aug 31 18:07:26 2019 -0500 check for memory exhaustion hash_initialize returns NULL when out of memory. Check for it, and die cleanly instead of crashing. Reported by 江 祖铭 (Zu-Ming Jiang). https://lists.gnu.org/archive/html/bug-bison/2019-08/msg00015.html * src/muscle-tab.c, src/state.c, src/symtab.c, src/uniqstr.c: Check the value returned by hash_initialize. diff --git a/THANKS b/THANKS index e40fc001..a0e3af66 100644 --- a/THANKS +++ b/THANKS @@ -199,6 +199,7 @@ Wwp subscr...@free.fr xolodho xolo...@gmail.com Zack Weinberg z...@codesourcery.com 長田偉伸 cbh34...@iret.co.jp +江 祖铭 jjzum...@outlook.com Many people are not named here because we lost track of them. We thank them! Please, help us keeping this list up to date. diff --git a/src/muscle-tab.c b/src/muscle-tab.c index fbb80fc2..d3e358e6 100644 --- a/src/muscle-tab.c +++ b/src/muscle-tab.c @@ -128,6 +128,8 @@ muscle_init (void) muscle_table = hash_initialize (HT_INITIAL_CAPACITY, NULL, hash_muscle, hash_compare_muscles, muscle_entry_free); + if (!muscle_table) + xalloc_die (); /* Version and input file. */ MUSCLE_INSERT_STRING ("version", VERSION); diff --git a/src/state.c b/src/state.c index 87fbb1c6..64bb256c 100644 --- a/src/state.c +++ b/src/state.c @@ -364,6 +364,8 @@ state_hash_new (void) state_hasher, state_comparator, NULL); + if (!state_table) + xalloc_die (); } diff --git a/src/symtab.c b/src/symtab.c index 83e8256b..60733e72 100644 --- a/src/symtab.c +++ b/src/symtab.c 
@@ -778,11 +778,15 @@ symbols_new (void) hash_symbol_hasher, hash_symbol_comparator, symbol_free); + if (!symbol_table) + xalloc_die (); semantic_type_table = hash_initialize (HT_INITIAL_CAPACITY, NULL, hash_semantic_type_hasher, hash_semantic_type_comparator, free); + if (!semantic_type_table) + xalloc_die (); } diff --git a/src/uniqstr.c b/src/uniqstr.c index f654d55e..d5c66846 100644 --- a/src/uniqstr.c +++ b/src/uniqstr.c @@ -162,6 +162,8 @@ uniqstrs_new (void) hash_uniqstr, hash_compare_uniqstr, free); + if (!uniqstrs_table) + xalloc_die (); }
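Review bot: in the src/muscle-tab.c hunk, the two-line `if (!muscle_table) xalloc_die ();` check is correct, but the same pair is repeated verbatim at four call sites in this patch; if Bison pulls in gnulib's xhash module, hash_xinitialize wraps hash_initialize and calls xalloc_die on NULL itself, so each caller stays a single assignment and a future hash_initialize call cannot be added unchecked.

Review bot: in the src/symtab.c hunk, when the second hash_initialize fails, symbol_table has already been created and is not released before `xalloc_die ();`; that is fine because xalloc_die does not return, but the commit message (or a short comment) could say so, since a reader auditing error paths may otherwise flag it as a leak. This is the hunk that fixes the reported frame (symbols_new in symtab.c).

Review bot: in the src/uniqstr.c hunk, the report named only symtab.c, yet the patch also checks the tables in muscle-tab.c, state.c and uniqstr.c; the commit message lists the files but does not say these were found by auditing every hash_initialize caller, and stating that (with a grep for hash_initialize confirming no unchecked caller remains) would make the fix's completeness reviewable.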
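The failure path the report describes is hard to reach by exhausting real memory, so the usual way to exercise it is fault injection at the allocator. The following is an added example, not Bison's or gnulib's code: it uses a constructed stand-in for Hash_table and hash_initialize (same NULL-on-failure contract), a switch that makes calloc fail on demand, and the patch's check-then-die pattern with the die modelled as a returned status so it can be observed.

```c
#include <stdlib.h>
/* Constructed stand-in for gnulib's Hash_table; not Bison's or gnulib's code. */
typedef struct { size_t n_buckets; void **buckets; } Hash_table;

/* Fault-injection switch (constructed): nonzero makes calloc report
   exhaustion, the condition the report says is unlikely but possible. */
static int inject_alloc_failure = 0;

static void *fallible_calloc (size_t n, size_t size)
{
  return inject_alloc_failure ? NULL : calloc (n, size);
}

/* Same contract as hash_initialize: return NULL when calloc fails. */
static Hash_table *hash_initialize_stub (size_t candidate)
{
  Hash_table *t = fallible_calloc (1, sizeof *t);
  if (!t)
    return NULL;
  t->n_buckets = candidate;
  t->buckets = fallible_calloc (candidate, sizeof *t->buckets);
  if (!t->buckets)
    {
      free (t);
      return NULL;
    }
  return t;
}

static void hash_free_stub (Hash_table *t)
{
  if (t)
    free (t->buckets);
  free (t);
}

/* Global table, like semantic_type_table in symtab.c. */
static Hash_table *semantic_type_table = NULL;

/* The patch's pattern: test the result before anything can dereference it.
   The real fix calls xalloc_die (), which exits; here exhaustion is
   returned as 1 so a test can observe the clean failure path (0 = ok). */
static int symbols_new_checked (void)
{
  semantic_type_table = hash_initialize_stub (16);
  if (!semantic_type_table)
    return 1;                   /* real code: xalloc_die () */
  return 0;
}
```

With the switch on, the checked initializer reports exhaustion and leaves the global NULL without anything touching it; with the switch off it builds the table normally.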