Re: crashed gawk '{one!=one=$1}'

bug-gnu-utils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: crashed gawk '{one!=one=$1}'

From:	Aharon Robbins
Subject:	Re: crashed gawk '{one!=one=$1}'
Date:	Thu, 4 Oct 2001 18:32:39 +0200

Greetings. Re this:

> To: address@hidden
> From: Dan Jacobson <address@hidden>
> Subject: crashed gawk '{one!=one=$1}'
>
> I am proud to say that I have crashed gawk:

Gee, why does this make you "proud"?  Got something personal
against me?

> $ yes|sed 2q|awk '{one!=one=$1}' 
> Segmentation fault
> $ awk --version
> GNU Awk 3.1.0
> It was a typo, I didn't do it on purpose.  No I haven't tried to
> figure out what '{one!=one=$1}' means.  All I know is that
> "Segmentation fault" is just too cold a response.

This was a memory corruption problem that was an absolute bear to
track down.  Thanks for the simple program to reproduce it though.
Here is a patch.

Arnold
---------------------------------------------------------------------
Thu Oct  4 18:20:36 2001  Arnold D. Robbins  <address@hidden>

        * eval.c (r_tree_eval): For comparison, dupnode() results of
          evaluation so that we can hang on to them and avoid memory
          corruption.  Change calls to free_temp() to unref().

*** ../gawk-3.1.0/eval.c        Tue May 15 08:56:31 2001
--- eval.c      Thu Oct  4 18:22:35 2001
***************
*** 949,957 ****
                break;  /* handled below */
        }
  
!       /* evaluate subtrees in order to do binary operation, then keep going */
!       t1 = tree_eval(tree->lnode);
!       t2 = tree_eval(tree->rnode);
  
        switch (tree->type) {
        case Node_geq:
--- 946,958 ----
                break;  /* handled below */
        }
  
!       /*
!        * Evaluate subtrees in order to do binary operation, then keep going.
!        * Use dupnode to make sure that these values don't disappear out
!        * from under us during recursive subexpression evaluation.
!        */
!       t1 = dupnode(tree_eval(tree->lnode));
!       t2 = dupnode(tree_eval(tree->rnode));
  
        switch (tree->type) {
        case Node_geq:
***************
*** 961,968 ****
        case Node_notequal:
        case Node_equal:
                di = cmp_nodes(t1, t2);
!               free_temp(t1);
!               free_temp(t2);
                switch (tree->type) {
                case Node_equal:
                        return tmp_number((AWKNUM) (di == 0));
--- 962,969 ----
        case Node_notequal:
        case Node_equal:
                di = cmp_nodes(t1, t2);
!               unref(t1);
!               unref(t2);
                switch (tree->type) {
                case Node_equal:
                        return tmp_number((AWKNUM) (di == 0));
***************
*** 985,993 ****
        }
  
        x1 = force_number(t1);
-       free_temp(t1);
        x2 = force_number(t2);
!       free_temp(t2);
        switch (tree->type) {
        case Node_exp:
                if ((lx = x2) == x2 && lx >= 0) {       /* integer exponent */
--- 986,994 ----
        }
  
        x1 = force_number(t1);
        x2 = force_number(t2);
!       unref(t1);
!       unref(t2);
        switch (tree->type) {
        case Node_exp:
                if ((lx = x2) == x2 && lx >= 0) {       /* integer exponent */

[Prev in Thread]

Current Thread

[Next in Thread]

crashed gawk '{one!=one=$1}', Dan Jacobson, 2001/10/02
- Re: crashed gawk '{one!=one=$1}', Aharon Robbins <=
  - Re: crashed gawk '{one!=one=$1}', Miles Bader, 2001/10/04
  - Re: crashed gawk '{one!=one=$1}', Dan Jacobson, 2001/10/05
    - Re: crashed gawk '{one!=one=$1}', Eli Zaretskii, 2001/10/10
- Re: crashed gawk '{one!=one=$1}', Aharon Robbins, 2001/10/15

Prev by Date: Re: unecessary binaries
Next by Date: bug in AS.EXE
Previous by thread: crashed gawk '{one!=one=$1}'
Next by thread: Re: crashed gawk '{one!=one=$1}'
Index(es):
- Date
- Thread