diff options
| author | murf <murf@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-12-09 16:31:55 +0000 |
|---|---|---|
| committer | murf <murf@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-12-09 16:31:55 +0000 |
| commit | 9e2244e8e495c2c0d099cfcb62065c8c21da18fc (patch) | |
| tree | 3e38d771d31f4278fbe27519f1491d435386579d /pbx | |
| parent | 5bc12b2bf3368a5d360f29f9bdfa7aa89f699dac (diff) | |
(closes issue #14019)
Reported by: ckjohnsonme
Patches:
14019.diff uploaded by murf (license 17)
Tested by: ckjohnsonme, murf
This crash was the result of a few small errors that
would combine in 64-bit land to result in a crash.
32-bit land might have seen these combine to mysteriously
drop the args to an application call, in certain
circumstances.
Also, in trying to find this bug, I spotted
a situation in the flex input, where, in passing
back a 'word' to the parser, it would allocate
a buffer larger than necessary. I changed the
usage in such situations, so that strdup was
not used, but rather, an ast_malloc, followed
by ast_copy_string.
I removed a field from the pval struct, in
u2, that was never getting used, and set in
one spot in the code. I believe it was an
artifact of a previous fix to make switch
cases work invisibly with extens.
And, for goto's I removed a '!' from
before a strcmp, that has been there
since the initial merging of AEL2, that
might prevent the proper target of a
goto from being found. This was pretty
harmless on its own, as it would just
louse up a consistency check for users.
Many thanks to ckjohnsonme for providing
a simplified and complete set of information
about the bug, that helped considerably in
finding and fixing the problem.
Now, to get aelparse up and running again
in trunk, and out of its "horribly broken" state,
so I can run the regression suite!
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@162013 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'pbx')
| -rw-r--r-- | pbx/ael/ael.flex | 48 | ||||
| -rw-r--r-- | pbx/ael/ael_lex.c | 88 | ||||
| -rw-r--r-- | pbx/pbx_ael.c | 4 |
3 files changed, 80 insertions, 60 deletions
diff --git a/pbx/ael/ael.flex b/pbx/ael/ael.flex index 58bfa369d..6c9bf1827 100644 --- a/pbx/ael/ael.flex +++ b/pbx/ael/ael.flex @@ -302,8 +302,8 @@ includes { STORE_POS; return KW_INCLUDES;} /* a non-word constituent char, like a space, tab, curly, paren, etc */ char c = yytext[yyleng-1]; STORE_POS; - yylval->str = strdup(yytext); - yylval->str[yyleng-1] = 0; + yylval->str = ast_malloc(yyleng); + ast_copy_string(yylval->str, yytext, yyleng); unput(c); /* put this ending char back in the stream */ BEGIN(0); prev_word = yylval->str; @@ -314,7 +314,8 @@ includes { STORE_POS; return KW_INCLUDES;} STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched ')' in expression: %s !\n", my_file, my_lineno, my_col, yytext); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } parencount2--; @@ -341,7 +342,8 @@ includes { STORE_POS; return KW_INCLUDES;} ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } yymore(); @@ -353,7 +355,8 @@ includes { STORE_POS; return KW_INCLUDES;} STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched ')' in expression: %s !\n", my_file, my_lineno, my_col, yytext); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } parencount3--; @@ -380,7 +383,8 @@ includes { STORE_POS; return KW_INCLUDES;} ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } yymore(); @@ -399,7 +403,8 @@ includes { STORE_POS; return KW_INCLUDES;} STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched ')' in expression: %s !\n", my_file, my_lineno, my_col, yytext); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); prev_word = 0; return word; } @@ -408,8 +413,8 @@ includes { STORE_POS; return KW_INCLUDES;} yymore(); } else { STORE_LOC; - yylval->str = strdup(yytext); - yylval->str[yyleng-1] = '\0'; /* trim trailing ')' */ + yylval->str = ast_malloc(yyleng); + ast_copy_string(yylval->str, yytext, yyleng); unput(')'); BEGIN(0); return word; @@ -431,7 +436,8 @@ includes { STORE_POS; return KW_INCLUDES;} ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } yymore(); @@ -459,7 +465,8 @@ includes { STORE_POS; return KW_INCLUDES;} STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched ')' in expression!\n", my_file, my_lineno, my_col); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } @@ -471,7 +478,8 @@ includes { STORE_POS; return KW_INCLUDES;} BEGIN(0); if ( !strcmp(yytext, ")") ) return RP; - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng); + ast_copy_string(yylval->str, yytext, yyleng); yylval->str[yyleng-1] = '\0'; /* trim trailing ')' */ unput(')'); return word; @@ -479,14 +487,14 @@ includes { STORE_POS; return KW_INCLUDES;} } <argg>{NOARGG}\, { - if( parencount != 0) { /* printf("Folding in a comma!\n"); */ + if( parencount != 0) { /* ast_log(LOG_NOTICE,"Folding in a comma!\n"); */ yymore(); } else { STORE_LOC; if( !strcmp(yytext,"," ) ) return COMMA; - yylval->str = strdup(yytext); - yylval->str[yyleng-1] = '\0'; + yylval->str = ast_malloc(yyleng); + ast_copy_string(yylval->str, yytext, yyleng); unput(','); return word; } @@ -498,7 +506,8 @@ includes { STORE_POS; return KW_INCLUDES;} STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } yymore(); @@ -521,7 +530,8 @@ includes { STORE_POS; return KW_INCLUDES;} STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } yymore(); @@ -529,8 +539,8 @@ includes { STORE_POS; return KW_INCLUDES;} <semic>{NOSEMIC}; { STORE_LOC; - yylval->str = strdup(yytext); - yylval->str[yyleng-1] = '\0'; + yylval->str = ast_malloc(yyleng); + ast_copy_string(yylval->str, yytext, yyleng); unput(';'); BEGIN(0); return word; diff --git a/pbx/ael/ael_lex.c b/pbx/ael/ael_lex.c index 8dac7dc06..9b880ea2b 100644 --- a/pbx/ael/ael_lex.c +++ b/pbx/ael/ael_lex.c @@ -1602,8 +1602,8 @@ YY_RULE_SETUP /* a non-word constituent char, like a space, tab, curly, paren, etc */ char c = yytext[yyleng-1]; STORE_POS; - yylval->str = strdup(yytext); - yylval->str[yyleng-1] = 0; + yylval->str = ast_malloc(yyleng); + ast_copy_string(yylval->str, yytext, yyleng); unput(c); /* put this ending char back in the stream */ BEGIN(0); prev_word = yylval->str; @@ -1619,7 +1619,8 @@ YY_RULE_SETUP STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched ')' in expression: %s !\n", my_file, my_lineno, my_col, yytext); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } parencount2--; @@ -1634,7 +1635,7 @@ YY_RULE_SETUP case 57: /* rule 57 can match eol */ YY_RULE_SETUP -#line 329 "ael.flex" +#line 330 "ael.flex" { char c = yytext[yyleng-1]; if (c == '{') @@ -1646,7 +1647,7 @@ YY_RULE_SETUP case 58: /* rule 58 can match eol */ YY_RULE_SETUP -#line 337 "ael.flex" +#line 338 "ael.flex" { char c = yytext[yyleng-1]; if ( pbcpop2(c)) { /* error */ @@ -1654,7 +1655,8 @@ YY_RULE_SETUP ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } yymore(); @@ -1663,13 +1665,14 @@ YY_RULE_SETUP case 59: /* rule 59 can match eol */ YY_RULE_SETUP -#line 351 "ael.flex" +#line 353 "ael.flex" { if ( pbcpop3(']') ) { /* error */ STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched ')' in expression: %s !\n", my_file, my_lineno, my_col, yytext); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } parencount3--; @@ -1684,7 +1687,7 @@ YY_RULE_SETUP case 60: /* rule 60 can match eol */ YY_RULE_SETUP -#line 368 "ael.flex" +#line 371 "ael.flex" { char c = yytext[yyleng-1]; if (c == '[') @@ -1696,7 +1699,7 @@ YY_RULE_SETUP case 61: /* rule 61 can match eol */ YY_RULE_SETUP -#line 376 "ael.flex" +#line 379 "ael.flex" { char c = yytext[yyleng-1]; if ( pbcpop3(c)) { /* error */ @@ -1704,7 +1707,8 @@ YY_RULE_SETUP ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } yymore(); @@ -1720,13 +1724,14 @@ YY_RULE_SETUP case 62: /* rule 62 can match eol */ YY_RULE_SETUP -#line 397 "ael.flex" +#line 401 "ael.flex" { if ( pbcpop(')') ) { /* error */ STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched ')' in expression: %s !\n", my_file, my_lineno, my_col, yytext); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); prev_word = 0; return word; } @@ -1735,8 +1740,8 @@ YY_RULE_SETUP yymore(); } else { STORE_LOC; - yylval->str = strdup(yytext); - yylval->str[yyleng-1] = '\0'; /* trim trailing ')' */ + yylval->str = ast_malloc(yyleng); + ast_copy_string(yylval->str, yytext, yyleng); unput(')'); BEGIN(0); return word; @@ -1746,7 +1751,7 @@ YY_RULE_SETUP case 63: /* rule 63 can match eol */ YY_RULE_SETUP -#line 419 "ael.flex" +#line 424 "ael.flex" { char c = yytext[yyleng-1]; if (c == '(') @@ -1758,7 +1763,7 @@ YY_RULE_SETUP case 64: /* rule 64 can match eol */ YY_RULE_SETUP -#line 427 "ael.flex" +#line 432 "ael.flex" { char c = yytext[yyleng-1]; if ( pbcpop(c)) { /* error */ @@ -1766,7 +1771,8 @@ YY_RULE_SETUP ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } yymore(); @@ -1783,7 +1789,7 @@ YY_RULE_SETUP case 65: /* rule 65 can match eol */ YY_RULE_SETUP -#line 449 "ael.flex" +#line 455 "ael.flex" { char c = yytext[yyleng-1]; if (c == '(') @@ -1795,13 +1801,14 @@ YY_RULE_SETUP case 66: /* rule 66 can match eol */ YY_RULE_SETUP -#line 457 "ael.flex" +#line 463 "ael.flex" { if ( pbcpop(')') ) { /* error */ STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched ')' in expression!\n", my_file, my_lineno, my_col); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } @@ -1813,7 +1820,8 @@ YY_RULE_SETUP BEGIN(0); if ( !strcmp(yytext, ")") ) return RP; - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng); + ast_copy_string(yylval->str, yytext, yyleng); yylval->str[yyleng-1] = '\0'; /* trim trailing ')' */ unput(')'); return word; @@ -1823,16 +1831,16 @@ YY_RULE_SETUP case 67: /* rule 67 can match eol */ YY_RULE_SETUP -#line 481 "ael.flex" +#line 489 "ael.flex" { - if( parencount != 0) { /* printf("Folding in a comma!\n"); */ + if( parencount != 0) { /* ast_log(LOG_NOTICE,"Folding in a comma!\n"); */ yymore(); } else { STORE_LOC; if( !strcmp(yytext,"," ) ) return COMMA; - yylval->str = strdup(yytext); - yylval->str[yyleng-1] = '\0'; + yylval->str = ast_malloc(yyleng); + ast_copy_string(yylval->str, yytext, yyleng); unput(','); return word; } @@ -1841,14 +1849,15 @@ YY_RULE_SETUP case 68: /* rule 68 can match eol */ YY_RULE_SETUP -#line 495 "ael.flex" +#line 503 "ael.flex" { char c = yytext[yyleng-1]; if ( pbcpop(c) ) { /* error */ STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } yymore(); @@ -1862,7 +1871,7 @@ YY_RULE_SETUP case 69: /* rule 69 can match eol */ YY_RULE_SETUP -#line 512 "ael.flex" +#line 521 "ael.flex" { char c = yytext[yyleng-1]; yymore(); @@ -1872,14 +1881,15 @@ YY_RULE_SETUP case 70: /* rule 70 can match eol */ YY_RULE_SETUP -#line 518 "ael.flex" +#line 527 "ael.flex" { char c = yytext[yyleng-1]; if ( pbcpop(c) ) { /* error */ STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = ast_malloc(yyleng+1); + ast_copy_string(yylval->str, yytext, yyleng+1); return word; } yymore(); @@ -1888,11 +1898,11 @@ YY_RULE_SETUP case 71: /* rule 71 can match eol */ YY_RULE_SETUP -#line 530 "ael.flex" +#line 540 "ael.flex" { STORE_LOC; - yylval->str = strdup(yytext); - yylval->str[yyleng-1] = '\0'; + yylval->str = ast_malloc(yyleng); + ast_copy_string(yylval->str, yytext, yyleng); unput(';'); BEGIN(0); return word; @@ -1901,7 +1911,7 @@ YY_RULE_SETUP case 72: /* rule 72 can match eol */ YY_RULE_SETUP -#line 539 "ael.flex" +#line 549 "ael.flex" { char fnamebuf[1024],*p1,*p2; int glob_ret; @@ -1950,7 +1960,7 @@ case YY_STATE_EOF(comment): case YY_STATE_EOF(curlystate): case YY_STATE_EOF(wordstate): case YY_STATE_EOF(brackstate): -#line 580 "ael.flex" +#line 590 "ael.flex" { char fnamebuf[2048]; if (include_stack_index > 0 && include_stack[include_stack_index-1].globbuf_pos < include_stack[include_stack_index-1].globbuf.gl_pathc-1) { @@ -1985,10 +1995,10 @@ case YY_STATE_EOF(brackstate): YY_BREAK case 73: YY_RULE_SETUP -#line 612 "ael.flex" +#line 622 "ael.flex" ECHO; YY_BREAK -#line 1991 "ael_lex.c" +#line 2001 "ael_lex.c" case YY_END_OF_BUFFER: { @@ -3161,7 +3171,7 @@ void *ael_yyrealloc (void * ptr, yy_size_t size , yyscan_t yyscanner) #define YYTABLES_NAME "yytables" -#line 612 "ael.flex" +#line 622 "ael.flex" diff --git a/pbx/pbx_ael.c b/pbx/pbx_ael.c index d68c7c547..23454dd98 100644 --- a/pbx/pbx_ael.c +++ b/pbx/pbx_ael.c @@ -712,7 +712,7 @@ static int extension_matches(pval *here, const char *exten, const char *pattern) regex_t preg; /* simple case, they match exactly, the pattern and exten name */ - if( !strcmp(pattern,exten) == 0 ) + if( strcmp(pattern,exten) == 0 ) return 1; if ( pattern[0] == '_' ) { @@ -3267,7 +3267,7 @@ static void gen_prios(struct ael_extension *exten, char *label, pval *statement, pr->type = AEL_APPCALL; p->u2.goto_target = get_goto_target(p); if( p->u2.goto_target ) { - p->u3.goto_target_in_case = p->u2.goto_target->u2.label_in_case = label_inside_case(p->u2.goto_target); + p->u3.goto_target_in_case = label_inside_case(p->u2.goto_target); } if (!p->u1.list->next) /* just one */ { |