segfault in libconfuse when using include() in cfg_parse_buf


segfault in libconfuse when using include() in cfg_parse_buf

Carlo Marcelo Arenas Belon
Greetings,

The following (hello.c) modified version of the "hello world" example
from the tutorial segfaults when run with the "--buffer" option, as
shown by the following backtrace from a Linux amd64 system:

Program received signal SIGSEGV, Segmentation fault.
0x0000000000404515 in cfg_yy_load_buffer_state () at lexer.c:1707
1707            (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
(gdb) bt
#0  0x0000000000404515 in cfg_yy_load_buffer_state () at lexer.c:1707
#1  0x0000000000404a9d in cfg_yy_switch_to_buffer (new_buffer=0x0) at
lexer.c:1695
#2  0x0000000000404b3c in cfg_scan_string_end () at lexer.l:340
#3  0x0000000000403fe1 in cfg_parse_buf (cfg=<value optimized out>,
buf=0x60a310 "include (\"name.conf\")\n") at confuse.c:1088
#4  0x000000000040179c in main (argc=<value optimized out>,
argv=0x7fff13cd3108) at hello.c:33

The obvious patch avoids the segfault but interrupts the configuration
processing after the include is completed and is therefore incorrect:

Index: src/lexer.l
===================================================================
RCS file: /sources/confuse/confuse/src/lexer.l,v
retrieving revision 1.13
diff -u -r1.13 lexer.l
--- src/lexer.l 13 Oct 2007 20:01:45 -0000      1.13
+++ src/lexer.l 30 Nov 2008 07:34:10 -0000
@@ -336,7 +336,8 @@
     /* restore to previous state
      */
     yy_delete_buffer(string_scan_state);
-    yy_switch_to_buffer(pre_string_scan_state);
+    if (pre_string_scan_state)
+        yy_switch_to_buffer(pre_string_scan_state);
     free(cfg_qstring);
     cfg_qstring = 0;
     qstring_index = qstring_len = 0;
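Review bot: the `if (pre_string_scan_state)` guard only suppresses the crash and, as the report itself notes, leaves the lexer with no current buffer once the included file has been consumed, so whatever follows the include() in the string handed to cfg_parse_buf is silently skipped rather than scanned. The backtrace shows `cfg_yy_switch_to_buffer (new_buffer=0x0)` reached from `cfg_scan_string_end`, so the saved pre-include buffer state is being lost somewhere between the cfg_scan_string_* setup and the end of the include, and that is what needs fixing. If the NULL check is kept as a defensive measure, it should at least report a parse error so that cfg_parse_buf can fail instead of returning a partially processed configuration as success.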

Looking at the cfg_include code, it would seem that most of it is designed
to manipulate file buffers, and therefore string manipulation (especially
as used in cfg_scan_string_*) for memory buffers isn't expected to be used
in this context.

Could anyone with better insight into libconfuse internals comment?
And if that is the case, is there a better way to signal an error other
than a segfault?

Carlo

_______________________________________________
Confuse-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/confuse-devel

Attachments: hello.conf (23 bytes), name.conf (22 bytes)

Re: segfault in libconfuse when using include() in cfg_parse_buf

Carlo Marcelo Arenas Belon
... better if the C program that was mentioned is included.

Carlo


Attachment: hello.c (1K)

[RFC] avoid segfault when using include while cfg_parse_buf

Carlo Marcelo Arenas Belon
Greetings,

The following prevents the segfault reported in this thread (tested with
trunk on Fedora 10 x86) and avoids the truncated parsing of the
configuration file, restoring functionality (at least for the test case).

It strangely partially reverts a change committed in version 1.9 of the
lexer, whose log says:

  "fixed segfault with include-files and parsing from strings"

Does anyone have any comments on this that could help verify that whatever
was fixed at that time is not regressed by this fix?

Carlo


Attachment: confuse-parsebuf-include-segfault.patch (754 bytes)