| author | Guy Harris <guy@alum.mit.edu> | 2018-10-27 15:16:51 -0700 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2018-10-27 15:16:51 -0700 |
| commit | e8767c3bc6894d5b3778e3d043762037aa70b3ba (patch) | |
| tree | 9f6f47c204c0c5e757e5f6f77ca0d747a4f2b54f /optimize.c | |
| parent | 849ca429fa7c58aa5e7b99cfc480833796addc6a (diff) | |
Don't call setjmp in code we didn't write.
Using setjmp() in a routine requires that anything whose value needs
*not* to be restored to its value when setjmp() was called in a
longjmp() be declared "volatile".
We can't force Bison or Berkeley YACC to do that with variables in the
parser function, so we can't safely do a setjmp() in the parser
function. *Some* compilers might recognize setjmp() and automatically
do that, either silently or with a warning, but that's not guaranteed by
the C language specification.
This could cause a problem if it trashes the value of local variables
storing pointers to the parser's pushdown stack, if they're assumed to
point to the *current* stack at the time the stack is freed at the end
of the parser function.
Instead, use setjmp/longjmp only inside functions defined in gencode.c;
have all functions called by the parser do a setjmp and, if it returns
1, return a null pointer, and have all those calls check the return
value and, if it's null, do a YYABORT.
Add a bpf_set_error() routine, for use *outside* gencode.c, which just
sets the error string. In the parser, do a YYABORT after calling it;
in the lexical analyzer, return a token even for errors, but make sure
the token will cause the parse to stop.
Credit to OSS-Fuzz for possibly finding this issue (it may be what's
causing crashes in some tests).
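The error-handling pattern the commit message describes, as an added example that is not code from the libpcap commit or from the project: setjmp() is called only inside a function we control (the stand-in `gen_proto()`), which returns a null pointer when the worker below it longjmp()s via `bpf_error()`; the stand-in parser function `parse_protos()` never calls setjmp(), so its local pointer to the pushdown stack is never at risk of being clobbered and the stack it frees at the end is the one it allocated. A `bpf_set_error()` that only records the message, for callers outside the setjmp-guarded code, is included too. All names (`compiler_state_t`, `block_t`, `gen_proto`, `gen_proto_internal`, `parse_protos`, `free_blocks`) are hypothetical stand-ins chosen for this example, and the "protocol number must be 0..255" check is a constructed error condition.

```c
#include <setjmp.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the code generator's state (names assumed).
 * top_ctx is set and used only inside the "gencode" part of this file. */
typedef struct {
    jmp_buf top_ctx;
    char errbuf[128];
} compiler_state_t;

/* Hypothetical stand-in for a generated code block. */
typedef struct block {
    int opcode;
    struct block *next;
} block_t;

/* Record a message and longjmp() back to the enclosing setjmp().
 * Only ever called from code running under gen_proto()'s setjmp(). */
static void bpf_error(compiler_state_t *cstate, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(cstate->errbuf, sizeof cstate->errbuf, fmt, ap);
    va_end(ap);
    longjmp(cstate->top_ctx, 1);
}

/* For callers outside the setjmp-guarded code: just set the error
 * string; the caller must then abort the parse itself. */
void bpf_set_error(compiler_state_t *cstate, const char *msg)
{
    snprintf(cstate->errbuf, sizeof cstate->errbuf, "%s", msg);
}

/* Worker that may call bpf_error() at any depth (constructed check). */
static block_t *gen_proto_internal(compiler_state_t *cstate, int proto)
{
    block_t *b;

    if (proto < 0 || proto > 255)
        bpf_error(cstate, "invalid protocol %d", proto);
    b = malloc(sizeof *b);
    if (b == NULL)
        bpf_error(cstate, "out of memory");
    b->opcode = proto;
    b->next = NULL;
    return b;
}

/* Entry point the parser calls. The setjmp() lives here, in code we
 * control: no local of this function is modified between setjmp() and
 * a possible longjmp(), so nothing here needs to be "volatile". */
block_t *gen_proto(compiler_state_t *cstate, int proto)
{
    if (setjmp(cstate->top_ctx))
        return NULL;            /* bpf_error() was called somewhere below */
    return gen_proto_internal(cstate, proto);
}

/* Stand-in for the generated parser function. It never calls setjmp(),
 * so `stack` is always the pointer it allocated, and a null return from
 * gen_proto() is handled the way YYABORT would handle it. */
int parse_protos(compiler_state_t *cstate, const int *protos, size_t n,
                 block_t **out)
{
    block_t **stack = malloc((n ? n : 1) * sizeof *stack);
    size_t depth = 0, i;
    int status = 0;

    *out = NULL;
    if (stack == NULL) {
        bpf_set_error(cstate, "out of memory");
        return -1;
    }
    for (i = 0; i < n; i++) {
        block_t *b = gen_proto(cstate, protos[i]);
        if (b == NULL) {        /* error already recorded: abort the parse */
            status = -1;
            break;
        }
        stack[depth++] = b;
    }
    if (status == 0) {
        for (i = 0; i + 1 < depth; i++)
            stack[i]->next = stack[i + 1];
        *out = depth ? stack[0] : NULL;
    } else {
        for (i = 0; i < depth; i++)
            free(stack[i]);
    }
    free(stack);                /* the same pointer we allocated above */
    return status;
}

void free_blocks(block_t *b)
{
    while (b != NULL) {
        block_t *next = b->next;
        free(b);
        b = next;
    }
}
```

The point of the split is that the only function containing setjmp() has no locals whose values change before a longjmp(), so the C rule about "volatile" locals is satisfied by construction, and the generated parser, whose locals we cannot annotate, only ever sees an ordinary null return.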
Diffstat (limited to 'optimize.c')
-rw-r--r-- | optimize.c | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -30,6 +30,7 @@ #include <stdio.h> #include <stdlib.h> #include <memory.h> +#include <setjmp.h> #include <string.h> #include <errno.h> |
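Review bot: the only change to optimize.c is the new `#include <setjmp.h>`, and the hunk shows no setjmp(), longjmp() or jmp_buf use in this file, while the commit message says setjmp/longjmp are now confined to functions defined in gencode.c; either say in the commit message why optimize.c needs the header (for instance if a header it includes now declares a jmp_buf member) or drop the include. Placing it between `<memory.h>` and `<string.h>` keeps the system includes in alphabetical order, which is fine.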