diff options
author | murf <murf@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-12-09 16:31:55 +0000 |
---|---|---|
committer | murf <murf@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-12-09 16:31:55 +0000 |
commit | 9e2244e8e495c2c0d099cfcb62065c8c21da18fc (patch) | |
tree | 3e38d771d31f4278fbe27519f1491d435386579d /pbx/ael/ael.flex | |
parent | 5bc12b2bf3368a5d360f29f9bdfa7aa89f699dac (diff) |
(closes issue #14019)
Reported by: ckjohnsonme
Patches:
14019.diff uploaded by murf (license 17)
Tested by: ckjohnsonme, murf
This crash was the result of a few small errors that
would combine in 64-bit land to result in a crash.
32-bit land might have seen these combine to mysteriously
drop the args to an application call, in certain
circumstances.
Also, in trying to find this bug, I spotted
a situation in the flex input, where, in passing
back a 'word' to the parser, it would allocate
a buffer larger than necessary. I changed the
usage in such situations, so that strdup was
not used, but rather, an ast_malloc, followed
by ast_copy_string.
I removed a field from the pval struct, in
u2, that was never getting used, and set in
one spot in the code. I believe it was an
artifact of a previous fix to make switch
cases work invisibly with extens.
And, for goto's I removed a '!' from
before a strcmp, that has been there
since the initial merging of AEL2, that
might prevent the proper target of a
goto from being found. This was pretty
harmless on its own, as it would just
louse up a consistency check for users.
Many thanks to ckjohnsonme for providing
a simplified and complete set of information
about the bug, that helped considerably in
finding and fixing the problem.
Now, to get aelparse up and running again
in trunk, and out of its "horribly broken" state,
so I can run the regression suite!
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@162013 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'pbx/ael/ael.flex')
-rw-r--r-- | pbx/ael/ael.flex | 48 |
1 files changed, 29 insertions, 19 deletions
diff --git a/pbx/ael/ael.flex b/pbx/ael/ael.flex index 58bfa369d..6c9bf1827 100644 --- a/pbx/ael/ael.flex +++ b/pbx/ael/ael.flex @@ -302,8 +302,8 @@ includes { STORE_POS; return KW_INCLUDES;} /* a non-word constituent char, like a space, tab, curly, paren, etc */ char c = yytext[yyleng-1]; STORE_POS; - yylval->str = strdup(yytext); - yylval->str[yyleng-1] = 0; + yylval->str = ast_malloc(yyleng); + ast_copy_string(yylval->str, yytext, yyleng); unput(c); /* put this ending char back in the stream */ BEGIN(0); prev_word = yylval->str; @@ -314,7 +314,8 @@ includes { STORE_POS; return KW_INCLUDES;} STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched ')' in expression: %s !\n", my_file, my_lineno, my_col, yytext); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } parencount2--; @@ -341,7 +342,8 @@ includes { STORE_POS; return KW_INCLUDES;} ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } yymore(); @@ -353,7 +355,8 @@ includes { STORE_POS; return KW_INCLUDES;} STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched ')' in expression: %s !\n", my_file, my_lineno, my_col, yytext); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } parencount3--; @@ -380,7 +383,8 @@ includes { STORE_POS; return KW_INCLUDES;} ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } yymore(); @@ -399,7 +403,8 @@ includes { STORE_POS; return KW_INCLUDES;} STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched ')' in expression: %s !\n", my_file, my_lineno, my_col, yytext); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); prev_word = 0; return word; } @@ -408,8 +413,8 @@ includes { STORE_POS; return KW_INCLUDES;} yymore(); } else { STORE_LOC; - yylval->str = strdup(yytext); - yylval->str[yyleng-1] = '\0'; /* trim trailing ')' */ + yylval->str = ast_malloc(yyleng); + ast_copy_string(yylval->str, yytext, yyleng); unput(')'); BEGIN(0); return word; @@ -431,7 +436,8 @@ includes { STORE_POS; return KW_INCLUDES;} ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } yymore(); @@ -459,7 +465,8 @@ includes { STORE_POS; return KW_INCLUDES;} STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched ')' in expression!\n", my_file, my_lineno, my_col); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } @@ -471,7 +478,8 @@ includes { STORE_POS; return KW_INCLUDES;} BEGIN(0); if ( !strcmp(yytext, ")") ) return RP; - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng); + ast_copy_string(yylval->str, yytext, yyleng); yylval->str[yyleng-1] = '\0'; /* trim trailing ')' */ unput(')'); return word; @@ -479,14 +487,14 @@ includes { STORE_POS; return KW_INCLUDES;} } <argg>{NOARGG}\, { - if( parencount != 0) { /* printf("Folding in a comma!\n"); */ + if( parencount != 0) { /* ast_log(LOG_NOTICE,"Folding in a comma!\n"); */ yymore(); } else { STORE_LOC; if( !strcmp(yytext,"," ) ) return COMMA; - yylval->str = strdup(yytext); - yylval->str[yyleng-1] = '\0'; + yylval->str = ast_malloc(yyleng); + ast_copy_string(yylval->str, yytext, yyleng); unput(','); return word; } @@ -498,7 +506,8 @@ includes { STORE_POS; return KW_INCLUDES;} STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } yymore(); @@ -521,7 +530,8 @@ includes { STORE_POS; return KW_INCLUDES;} STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } yymore(); @@ -529,8 +539,8 @@ includes { STORE_POS; return KW_INCLUDES;} <semic>{NOSEMIC}; { STORE_LOC; - yylval->str = strdup(yytext); - yylval->str[yyleng-1] = '\0'; + yylval->str = ast_malloc(yyleng); + ast_copy_string(yylval->str, yytext, yyleng); unput(';'); BEGIN(0); return word; |