From 1158576622d677884a3ce4aa169873d453897c9d Mon Sep 17 00:00:00 2001
From: Guy Harris <guy@alum.mit.edu>
Date: Thu, 15 Sep 2016 18:32:21 -0700
Subject: Don't pick up junk from an unset error-number variable.

Keep the actual error code and pointer-to-error-string in the scanner
state, rather than pointers to the variables passed in to us.
Initialize them to 0 and NULL, respectively.

That way, when the actual scanner routine returns, we don't check for an
error by looking at the error variable pointed to by our argument, which
might not have been set by the scanner and might have stack junk in it,
we look at a structure member we set to 0 before the scan.

Change-Id: I81a4fd6d5cf5e56f5638fae1253c48dc50c9c36d
Reviewed-on: https://code.wireshark.org/review/17721
Reviewed-by: Guy Harris <guy@alum.mit.edu>
---
 wiretap/ascend-int.h     |  4 ++--
 wiretap/ascend.y         | 10 +++++++---
 wiretap/ascend_scanner.l |  8 ++++----
 3 files changed, 13 insertions(+), 9 deletions(-)

(limited to 'wiretap')

diff --git a/wiretap/ascend-int.h b/wiretap/ascend-int.h
index c6bb3cc019..791cf751ae 100644
--- a/wiretap/ascend-int.h
+++ b/wiretap/ascend-int.h
@@ -36,8 +36,8 @@ typedef struct {
 typedef struct {
 	FILE_T fh;
 	const gchar *ascend_parse_error;
-	int *err;
-	gchar **err_info;
+	int err;
+	gchar *err_info;
 	struct ascend_phdr *pseudo_header;
 	guint8 *pkt_data;
 
diff --git a/wiretap/ascend.y b/wiretap/ascend.y
index fdd6be7c51..cc1bda085f 100644
--- a/wiretap/ascend.y
+++ b/wiretap/ascend.y
@@ -448,6 +448,7 @@ run_ascend_parser(FILE_T fh, struct wtap_pkthdr *phdr, guint8 *pd,
                   ascend_state_t *parser_state, int *err, gchar **err_info)
 {
   yyscan_t scanner = NULL;
+  int status;
 
   if (ascendlex_init(&scanner) != 0) {
     /* errno is set if this fails */
@@ -459,8 +460,8 @@ run_ascend_parser(FILE_T fh, struct wtap_pkthdr *phdr, guint8 *pd,
   ascendset_extra(parser_state, scanner);
   parser_state->fh = fh;
   parser_state->ascend_parse_error = NULL;
-  parser_state->err = err;
-  parser_state->err_info = err_info;
+  parser_state->err = 0;
+  parser_state->err_info = NULL;
   parser_state->pseudo_header = &phdr->pseudo_header.ascend;
   parser_state->pkt_data = pd;
 
@@ -490,7 +491,10 @@ run_ascend_parser(FILE_T fh, struct wtap_pkthdr *phdr, guint8 *pd,
    */
   parser_state->pseudo_header->call_num[0] = '\0';
 
-  return yyparse(scanner, parser_state, fh);
+  status = yyparse(scanner, parser_state, fh);
+  *err = parser_state->err;
+  *err_info = parser_state->err_info;
+  return status;
 }
 
 void
diff --git a/wiretap/ascend_scanner.l b/wiretap/ascend_scanner.l
index 260d820b46..887311ee54 100644
--- a/wiretap/ascend_scanner.l
+++ b/wiretap/ascend_scanner.l
@@ -79,10 +79,10 @@
 	ascend_state_t *parser_state = ascendget_extra(yyscanner); \
 	int c = file_getc(parser_state->fh); \
 	if (c == EOF) { \
-		*(parser_state->err) = file_error(parser_state->fh, \
-		    parser_state->err_info); \
-		if (*(parser_state->err) == 0) \
-			*(parser_state->err) = WTAP_ERR_SHORT_READ; \
+		parser_state->err = file_error(parser_state->fh, \
+		    &parser_state->err_info); \
+		if (parser_state->err == 0) \
+			parser_state->err = WTAP_ERR_SHORT_READ; \
 		result = YY_NULL; \
 	} else { \
 		buf[0] = c; \
-- 
cgit v1.2.3