Bug 520073 - cscope gets "Segmentation fault" when a broken C syntax file is given as input
Summary: cscope gets "Segmentation fault" when a broken C syntax file is given as input
Alias: None
Product: Fedora
Classification: Fedora
Component: cscope
Version: 11
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Neil Horman
QA Contact: Fedora Extras Quality Assurance
Depends On:
Reported: 2009-08-28 09:21 UTC by Masatake YAMATO
Modified: 2009-08-31 23:45 UTC (History)

Fixed In Version: 15.6-4.fc11
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-08-31 23:45:12 UTC
Type: ---

Attachments (Terms of Use)
An input file to reproduce the bug<1> (2 bytes, text/plain)
2009-08-28 09:21 UTC, Masatake YAMATO
An input file to reproduce the bug<2> (2 bytes, text/plain)
2009-08-28 09:21 UTC, Masatake YAMATO
A patch fixing the bug I reported. (1.14 KB, patch)
2009-08-28 09:24 UTC, Masatake YAMATO
patch to detect lexer errors (1.83 KB, application/octet-stream)
2009-08-28 14:30 UTC, Neil Horman

Description Masatake YAMATO 2009-08-28 09:21:02 UTC
Created attachment 359035 [details]
An input file to reproduce the bug<1>

Description of problem:

cscope gets "Segmentation fault".

Version-Release number of selected component (if applicable):

rpm -qi cscope 
Name        : cscope                       Relocations: (not relocatable)
Version     : 15.6                              Vendor: Fedora Project
Release     : 3.fc11                        Build Date: Tue 24 Feb 2009 07:03:50 PM JST

How reproducible:

Run cscope with the given input file.
Steps to Reproduce:
1. Save the attachments equal.txt and colon.txt to /tmp
2. Run cscope like $ cscope /tmp/equal.txt   (or $ cscope /tmp/colon.txt)

Actual results:
$ cscope /tmp/equal.txt 
cscope /tmp/equal.txt 
Building cross-reference...                                                         Segmentation fault

Expected results:

Rejecting or ignoring such broken files

Additional info:
See the attached patch to avoid the bug.

Comment 1 Masatake YAMATO 2009-08-28 09:21:53 UTC
Created attachment 359036 [details]
An input file to reproduce the bug<2>

Comment 2 Masatake YAMATO 2009-08-28 09:24:22 UTC
Created attachment 359038 [details]
A patch fixing the bug I reported.

Both rules, for = and :, check whether the buffer (my_yytext) is allocated or not.

Comment 3 Neil Horman 2009-08-28 11:07:55 UTC
looks good, thank you!

Comment 4 Neil Horman 2009-08-28 13:14:27 UTC
wait, I'm not sure I see how we're getting into the lexer here without setting my_yytext, and your reproducer files appear empty (they're both 2 bytes long). Can you reattach them please?

Comment 5 Masatake YAMATO 2009-08-28 13:30:13 UTC
Please use the files to reproduce the bug.

The files are not empty. They are both 2 bytes long. Even at 2 bytes, they are enough as input to reproduce the segv.

Comment 6 Neil Horman 2009-08-28 14:05:42 UTC
Hmm, ok I see the contents now, but I'm more hesitant to fix this now. What you've effectively done is told cscope that a non-C file is a C file. As a result you get bad results. As such, I think we can probably do something here, but just checking for NULL and glossing over the problem isn't the right solution. If we enter the processing of either of those tokens and my_yytext isn't set I think we need to abort processing, as that's a lexer error.
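
The distinction drawn in the comment above, as an added example that is not cscope's code: a toy C scanner in which my_yytext holds the last identifier seen and is NULL until then, and whose = and : rule treats a missing identifier as a lexer error that skips the whole file instead of silently continuing. The names operator_rule and scan_file are constructed, and the two-byte reproducer files are assumed to contain "=" and ":" followed by a newline.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define SCAN_LEXER_ERROR (-1)

/* Constructed model of the state involved in the bug: my_yytext points at
 * the text of the last identifier scanned and is NULL until one has been
 * seen. This is not cscope's scanner, only an illustration of its shape. */
static char  ident_buf[64];
static char *my_yytext;

/* Rule body shared by '=' and ':'. Returns 1 if an identifier is being
 * defined ("x = 1", "label:"), 0 otherwise, and SCAN_LEXER_ERROR when the
 * operator appears before any identifier: the unconditional
 * strlen(my_yytext) that follows is the NULL dereference the report hit. */
static int operator_rule(void)
{
    if (my_yytext == NULL)
        return SCAN_LEXER_ERROR;   /* lexer error: abort this file (comment 6) */
    return strlen(my_yytext) > 0;  /* would have been strlen(NULL) */
}

/* Scan one buffer as if it were a C file. Returns the number of
 * definitions found, or SCAN_LEXER_ERROR for input the scanner cannot
 * make sense of; the caller then skips the file rather than indexing it. */
int scan_file(const char *src)
{
    int defs = 0;
    my_yytext = NULL;
    for (const char *p = src; *p; ) {
        if (isalpha((unsigned char)*p) || *p == '_') {
            size_t n = 0;
            while ((isalnum((unsigned char)*p) || *p == '_') && n < sizeof ident_buf - 1)
                ident_buf[n++] = *p++;
            ident_buf[n] = '\0';
            my_yytext = ident_buf;
        } else if (*p == '=' || *p == ':') {
            int r = operator_rule();
            if (r == SCAN_LEXER_ERROR)
                return SCAN_LEXER_ERROR;
            defs += r;
            my_yytext = NULL;      /* the identifier has been consumed */
            p++;
        } else {
            if (*p == ';' || *p == '\n')
                my_yytext = NULL;  /* statement ended without an operator */
            p++;
        }
    }
    return defs;
}
```

With the two-byte inputs, scan_file returns SCAN_LEXER_ERROR instead of crashing, while ordinary input such as "int x = 1;" still records the definition.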

Comment 7 Masatake YAMATO 2009-08-28 14:17:51 UTC
I agree with you. Aborting processing of the current input file is better than my patch. I will submit a patch to do so next week. Thanks.

Comment 8 Neil Horman 2009-08-28 14:30:27 UTC
Created attachment 359077 [details]
patch to detect lexer errors 

This is what I just committed upstream and will commit to F-11 shortly. I've verified that it fixes the errors that were reported here.

Comment 9 Masatake YAMATO 2009-08-28 14:53:18 UTC
Thanks. I'll test at home.

Comment 10 Neil Horman 2009-08-28 14:59:19 UTC
fixed in 15.6-4.  Thanks!

Comment 11 Fedora Update System 2009-08-28 15:30:12 UTC
cscope-15.6-4.fc11 has been submitted as an update for Fedora 11.

Comment 12 Fedora Update System 2009-08-31 23:45:08 UTC
cscope-15.6-4.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
