ChrisSteinbach / mscgen

Automatically exported from code.google.com/p/mscgen
GNU General Public License v2.0

Segfaults on bad variable names #10

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
Run "mscgen -T png -o <somefile>" with the following input:

msc {
        monitord, reporter;
        monitor->reporter [ label = "Hello Segfault "];
}

Note that the variable is called "monitord", but is misspelled without the
d later.

What version of the product are you using? On what operating system?
0.15 (pulled from SVN)

As far as I can tell, it does not happen if you swap "monitor" and
"reporter" in the sample above - that is: "reporter->monitor" produces an
"unknown entity" error instead of segfaulting.

Compiling with "-g" and using valgrind I get the following stack-trace(s):

Invalid read of size 4
   at 0x804F688: MscGetEntAttrib (msc.c:597)
   by 0x804B0D7: main (main.c:1248)
  Address 0x4 is not stack'd, malloc'd or (recently) free'd

Process terminating with default action of signal 11 (SIGSEGV)
 Access not within mapped region at address 0x4
   at 0x804F688: MscGetEntAttrib (msc.c:597)
   by 0x804B0D7: main (main.c:1248)

~Niels

Original issue reported on code.google.com by NThykier@gmail.com on 19 Jun 2009 at 1:39

GoogleCodeExporter commented 9 years ago
I have reproduced.

Original comment by Michael....@gmail.com on 19 Jun 2009 at 8:20

GoogleCodeExporter commented 9 years ago
I checked with a printf statement and the "entity" pointer (in parser/msc.c line 597) is in fact a NULL pointer (which at run-time apparently is/was mapped to the 0x4 address on my machine).

This also fits the loop just above line 597, which terminates if entity is "NULL" (when there are no more valid entities).

Replacing line 597 with

[code]
    /* Only look up the attribute when the entity was actually found;
     * an unknown entity yields NULL instead of a NULL dereference. */
    if(entity != NULL){
        r = findAttrib(entity->attr, a);
    } else {
        r = NULL;
    }
[/code]

fixes this issue for me; that is, the segfault disappears and mscgen prints "Unknown source entity 'monitor'".

~Niels

Original comment by NThykier@gmail.com on 22 Jun 2009 at 3:33
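The comment above describes a classic unchecked-lookup bug: a list walk that legitimately returns NULL for an unknown name, followed by a field access on that NULL pointer. The following is an added, self-contained model of that pattern and its fix; it is not mscgen's own code. The types and functions (Entity, Attrib, findEntity, findAttrib, getEntAttrib, entityKnown) and the sample entity list are constructed for illustration and are only assumed to resemble what parser/msc.c does.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the lookup described in the issue: an entity list
 * searched by name, then that entity's attribute list searched by key.
 * Names here are illustrative assumptions, not mscgen's real types. */

typedef struct Attrib {
    const char *name;
    const char *value;
    struct Attrib *next;
} Attrib;

typedef struct Entity {
    const char *name;   /* first field: 4 bytes on a 32-bit build */
    Attrib *attr;       /* second field: offset 4 on a 32-bit build */
    struct Entity *next;
} Entity;

/* Walk the entity list; returns NULL when the name is unknown. This is
 * the terminating case the original line 597 failed to check. */
static Entity *findEntity(Entity *list, const char *name)
{
    for (Entity *e = list; e != NULL; e = e->next)
        if (strcmp(e->name, name) == 0)
            return e;
    return NULL;
}

static const char *findAttrib(Attrib *list, const char *name)
{
    for (Attrib *a = list; a != NULL; a = a->next)
        if (strcmp(a->name, name) == 0)
            return a->value;
    return NULL;
}

/* Hardened lookup, mirroring the posted fix: an unknown entity yields NULL
 * instead of reading entity->attr through a NULL pointer. On a 32-bit
 * build that read would touch address 0x4, which is consistent with the
 * valgrind trace in the report (assumption, not verified against msc.c). */
const char *getEntAttrib(Entity *list, const char *entName, const char *attrName)
{
    Entity *entity = findEntity(list, entName);
    if (entity == NULL)
        return NULL;
    return findAttrib(entity->attr, attrName);
}

/* Returns 1 when the name resolves, 0 when the caller should report
 * "Unknown source entity" rather than continue. */
int entityKnown(Entity *list, const char *name)
{
    return findEntity(list, name) != NULL;
}

/* Constructed sample matching the report: "monitord" carries a label,
 * "reporter" carries no attributes, and "monitor" does not exist. */
static Attrib monitordLabel = { "label", "Monitor daemon", NULL };
static Entity reporterEnt   = { "reporter", NULL, NULL };
static Entity monitordEnt   = { "monitord", &monitordLabel, &reporterEnt };

Entity *sampleEntities(void)
{
    return &monitordEnt;
}

int main(void)
{
    Entity *ents = sampleEntities();
    const char *src = "monitor";  /* the misspelled name from the report */

    if (!entityKnown(ents, src)) {
        printf("Unknown source entity '%s'\n", src);
        return 1;
    }
    printf("label = %s\n", getEntAttrib(ents, src, "label"));
    return 0;
}
```

The design point is that the NULL return of findEntity is part of its contract, so every caller has to treat it as a normal outcome; a crash on a typo in user input is a denial-of-service bug in any tool that renders untrusted diagrams, which is why the check belongs at the lookup rather than in each caller's error path.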

GoogleCodeExporter commented 9 years ago
Changes added and code made a little better at revision #24.

Thanks for reporting and providing a fix.

Original comment by Michael....@gmail.com on 28 Jun 2009 at 2:38