Bug 56607 - Coredumps on some input
Status: CLOSED RAWHIDE
Product: Red Hat Raw Hide
Classification: Retired
Component: bison
Version: 1.0
Hardware: i386 Linux
Priority: medium Severity: high
Assigned To: Ngo Than
Reported: 2001-11-21 16:07 EST by Enrico Scholz
Modified: 2008-05-01 11:38 EDT
Last Closed: 2001-11-21 16:07:58 EST
Description Enrico Scholz 2001-11-21 16:07:53 EST
Description of Problem:

When trying to build lclint beta-release I get a bison coredump while
compiling its cgrammar.y file. Using ElectricFence shows a duplicate free()
in src/symtab.c:145:

|  XFREE(bp->tag)


src/reduce.c:362 seems to be responsible:

|  free(tags[i]);

because tags[i] is assigned as 'tags[bp->value] = bp->tag;' in reader.c.
Therefore, multiple free() can happen on the same bp->tag.

Removing the line in reduce.c removes the coredump also, but I don't know
if it opens memory leaks (I have not found a place where tags[i] got a
newly allocated value assigned, so this should not happen).

BTW: Please add a URL tag to the rpm-package; it would make it easier to
determine an address for upstream bug reports.


Version-Release number of selected component (if applicable):

bison-1.30-2
ElectricFence-2.2.2-8


How Reproducible:

every time


Steps to Reproduce:
1. wget http://lclint.cs.virginia.edu/downloads/lclint-3.0.0.17.src.tgz
2. tar -xzf lclint-3.0.0.17.src.tgz
3. cd lclint-3.0.0.17/src/
4. export EF_PROTECT_FREE=1
5. ef bison -d cgrammar.y


Actual Results:

$ ef bison -d cgrammar.y

  Electric Fence 2.2.0 Copyright (C) 1987-1999 Bruce Perens <bruce@perens.com>
cgrammar.y contains 1 useless nonterminal and 1 useless rule

ElectricFence Aborting: free(404d4fe8): address not from malloc().
/usr/bin/ef: line 20:  8535 Illegal instruction     (core dumped) ( export LD_PRELOAD=libefence.so.0.0; exec $* )


Expected Results:

no coredump
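
The aliasing described in the report, as an added C model that is not bison source and not part of the original bug report: `tags[bp->value]` and `bp->tag` point at the same block, so freeing through both releases it twice. The `tracked_*` helpers, `run_teardown` and the sample tag names are constructed for illustration, and the model assumes, as the reporter observed, that `tags[i]` only ever receives aliases.

```c
/* Constructed model of the ownership bug in the report; not bison source. */
#include <stdlib.h>
#include <string.h>
#define NSYMS 3
struct bucket { char *tag; int value; };

static char *owned[NSYMS];    /* every block handed out by tracked_dup() */
static int released[NSYMS];   /* set once a free was requested for it */
static int bad_frees;         /* repeat frees of an already released block */

static char *tracked_dup(const char *s, int slot) {
    char *p = malloc(strlen(s) + 1);
    if (p == NULL) abort();
    strcpy(p, s);
    owned[slot] = p;
    released[slot] = 0;
    return p;
}

/* Records the free instead of performing it, so a repeat is counted
 * rather than corrupting the heap; the real free() happens at the end. */
static void tracked_free(char *p) {
    for (int i = 0; i < NSYMS; i++) {
        if (owned[i] != p) continue;
        if (released[i]) bad_frees++;   /* what ElectricFence aborts on */
        released[i] = 1;
        return;
    }
}

/* free_aliases=1 models the loop in reduce.c, 0 models that line removed.
 * Returns the number of double frees; *leaks gets blocks never released. */
int run_teardown(int free_aliases, int *leaks) {
    static const char *names[NSYMS] = { "expr", "stmt", "decl" }; /* sample */
    struct bucket table[NSYMS];
    char *tags[NSYMS];
    bad_frees = 0; *leaks = 0;
    for (int i = 0; i < NSYMS; i++) {
        table[i].value = i;
        table[i].tag = tracked_dup(names[i], i);
        tags[table[i].value] = table[i].tag;      /* alias, as in reader.c */
    }
    if (free_aliases)
        for (int i = 0; i < NSYMS; i++) tracked_free(tags[i]);   /* reduce.c */
    for (int i = 0; i < NSYMS; i++) tracked_free(table[i].tag);  /* symtab.c */
    for (int i = 0; i < NSYMS; i++) {
        *leaks += !released[i]; free(owned[i]); owned[i] = NULL;
    }
    return bad_frees;
}
```

In this model, freeing through `tags[]` as well as through the symbol table yields one double free per symbol, while dropping the `tags[]` loop yields none and leaves nothing unreleased. That result holds only under the stated assumption that `tags[]` never owns an allocation of its own.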
Comment 1 Ngo Than 2001-11-25 17:53:34 EST
Thanks for your info. It should be fixed in bison-1.30-3.
Sorry, I can't find a valid URL for bison!
Comment 2 Enrico Scholz 2001-11-26 15:21:23 EST
FYI: reported it upstream (see
http://mail.gnu.org/pipermail/bug-bison/2001-November/000893.html)

URL tag should be "http://www.gnu.org/software/bison/bison.html"
