BNFC / bnfc

BNF Converter
http://bnfc.digitalgrammars.com/

Mac OS: C++ printer segfaults #242

Closed andreasabel closed 5 years ago

andreasabel commented 5 years ago

Running bnfc-system-tests, I observed that the C++ AST printer for examples/GF/gf.cf https://github.com/BNFC/bnfc/blob/master/examples/GF/gf.cf segfaults when run on examples/GF/example.gf https://github.com/BNFC/bnfc/blob/master/examples/GF/example.gf .

I do not want to debug this. A brief look into the generated printer shows that it has inline functions and destructive update of a buf_ variable.
https://github.com/BNFC/bnfc/blob/344ccde10db8a3117117f9e0b7037faac448afc7/source/src/BNFC/Backend/CPP/PrettyPrinter.hs#L146-L163 I leave this to C++ enthusiasts and fans of pointer manipulations. Happy segfaulting!

$ g++ --version
Configured with: --prefix=/Applications/Xcode.app/Contents/Developer/usr --with-gxx-include-dir=/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.14.sdk/usr/include/c++/4.2.1
Apple LLVM version 10.0.0 (clang-1000.11.45.5)
Target: x86_64-apple-darwin18.0.0
Thread model: posix

andreasabel commented 5 years ago

Ah, I am too good-natured, I fixed it anyway. When you try to strcpy a previously grown buffer buf_ into a buffer temp of BUFFER_INITIAL size, yes, then you segfault on a good operating system. https://github.com/BNFC/bnfc/blob/344ccde10db8a3117117f9e0b7037faac448afc7/source/src/BNFC/Backend/CPP/PrettyPrinter.hs#L141-L156 Good old buffer overrun. Wonder if someone managed to hack machines with bnfc installed through this.
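The overrun described above, reconstructed as an added C example that is not BNFC's generated printer code (printer_t, the constants and the GF-style sample lines are constructed stand-ins): the buggy resize copies a grown buf_ into a temp of only BUFFER_INITIAL bytes, while the hardened version sizes temp to the new capacity and bounds the copy.

```c
#include <stdlib.h>
#include <string.h>
#define BUFFER_INITIAL 16  /* constructed: tiny so the buffer grows quickly */
/* stand-in for the printer's state: text, allocated capacity, bytes used */
typedef struct { char *buf_; size_t buf_size; size_t cur_; } printer_t;
/* The bug as described: temp is only BUFFER_INITIAL bytes, yet strcpy(temp,
 * buf_) copies all of buf_.  Returns 1 when that strcpy would overrun temp. */
int resize_buggy_would_overrun(const printer_t *p)
{
    return strlen(p->buf_) + 1 > (size_t)BUFFER_INITIAL;
}
/* Hardened resize: size temp by the NEW capacity and copy only cur_ bytes. */
int resize_fixed(printer_t *p, size_t new_size)
{
    if (new_size <= p->cur_) return -1;      /* no room for data plus NUL */
    char *temp = malloc(new_size);
    if (temp == NULL) return -1;
    memcpy(temp, p->buf_, p->cur_);
    temp[p->cur_] = '\0';
    free(p->buf_);
    p->buf_ = temp; p->buf_size = new_size;
    return 0;
}
/* Append with an explicit capacity check; grows through resize_fixed. */
int printer_append(printer_t *p, const char *s)
{
    size_t len = strlen(s);
    while (p->cur_ + len + 1 > p->buf_size)
        if (resize_fixed(p, p->buf_size * 2) != 0) return -1;
    memcpy(p->buf_ + p->cur_, s, len + 1);   /* copies the NUL too */
    p->cur_ += len;
    return 0;
}
/* Three constructed GF-style lines push buf_ past BUFFER_INITIAL.  Adds 1 if
 * the buggy resize would overrun, 2 if the fixed path kept all text in bounds. */
int demo_grown_buffer(void)
{
    printer_t p = { calloc(BUFFER_INITIAL, 1), BUFFER_INITIAL, 0 };
    const char *expect = "lincat S = SS ;lincat NP = SS ;lincat VP = SS ;";
    int r = 0;
    if (p.buf_ == NULL) return -1;
    printer_append(&p, "lincat S = SS ;");
    printer_append(&p, "lincat NP = SS ;");
    printer_append(&p, "lincat VP = SS ;");
    if (resize_buggy_would_overrun(&p)) r += 1;
    if (strcmp(p.buf_, expect) == 0 && p.cur_ + 1 <= p.buf_size) r += 2;
    free(p.buf_); return r;
}
```

Building the same scenario with AddressSanitizer (-fsanitize=address) and a real strcpy into a BUFFER_INITIAL-sized temp reports the heap-buffer-overflow deterministically, which is the reliable way to catch this class of bug before it reaches a release.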