
Bug#324908: gcc: Wrong code generation on amd64.



reassign 324908 filtergen 0.12.4-4
retitle 324908 filtergen: FTBFS on amd64: Segmentation fault: buffer overflow.
thanks

Hi,

Serge Belyshev looked into this closer, and it appears to be a
bug in filtergen after all, and it's a buffer overflow.

The problem:
#define MAXINCLUDES 16
struct inc_stack_s {
    YY_BUFFER_STATE state;
    char * filename;
    long int lineno;
};
struct inc_stack_s inc_stack[MAXINCLUDES] = { { state: 0, filename: NULL, lineno: 1 } };

[...]
void step_into_include_file(const char * fn) {
        FILE * f;

        if (!(f = fopen(fn, "r"))) {
                scan_err("warning: can't open file \"%s\"", fn);
        } else {
                inc_stack[inc_stackptr++].state = YY_CURRENT_BUFFER;

inc_stackptr can be MAXINCLUDES at this point overwriting
things it shouldn't.


I guess the easiest way to solve this is to make inc_stack
of size MAXINCLUDES + 1.  And that also seems to be preventing
the crash.

There are a few other problems I've noticed looking shortly at
the package:
static void scan_err(const char * fmt, ...) {
    va_list args;

    va_start(args, fmt);
    if (inc_stackptr >= 0)
        fprintf(stderr, "%s:%ld: ", filename(), lineno());
    vfprintf(stderr, fmt, args);
    fprintf(stderr, "\n");
}

It's missing a va_stop(args);

And the same goes for oprintf() in filtergen.c

char * filename(void) {
    return inc_stack[inc_stackptr].filename ?: strdup("(standard input)");
}

Why the strdup()?  You can perfectly well return a static string
there.  It's also not getting free()'d anywhere.  Also, the "?:"
you're using is a gcc extension and you might want to avoid that.

PS: Note that scanner.c is generated from scanner.l, so please
update both of them if you fix it.


Kurt
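The three points above (the bound on inc_stackptr before the array is written, the va_end() that must pair with va_start(), and a static string instead of strdup() in filename()) combined into one small standalone model of the include stack. This is an added example, not filtergen's own code; YY_BUFFER_STATE is a stand-in typedef, and reset_include_stack(), push_include() and nest_includes() are names chosen here.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#define MAXINCLUDES 16
typedef void *YY_BUFFER_STATE;   /* stand-in for flex's buffer handle (assumption) */
struct inc_stack_s { YY_BUFFER_STATE state; const char *filename; long int lineno; };

/* Slot 0 is the top-level input and slots 1..MAXINCLUDES the nested includes,
 * so the array needs MAXINCLUDES + 1 entries (the sizing fix from the report). */
static struct inc_stack_s inc_stack[MAXINCLUDES + 1];
static int inc_stackptr = 0;

int reset_include_stack(void) {          /* returns the depth, 0 */
    for (int i = 0; i <= MAXINCLUDES; i++) inc_stack[i] = (struct inc_stack_s){ 0, NULL, 1 };
    return inc_stackptr = 0;
}

/* A static string instead of strdup(): nothing to free, so nothing leaks. */
const char *filename(void) {
    const char *fn = inc_stack[inc_stackptr].filename;
    return fn ? fn : "(standard input)";
}

static void scan_err(const char *fmt, ...) {
    va_list args;
    va_start(args, fmt);
    fprintf(stderr, "%s:%ld: ", filename(), inc_stack[inc_stackptr].lineno);
    vfprintf(stderr, fmt, args);
    fputc('\n', stderr);
    va_end(args);                        /* pairs with va_start(); absent in the original */
}

/* Push a nested include; returns the new depth, or -1 when the limit would be exceeded. */
int push_include(const char *fn, YY_BUFFER_STATE current) {
    if (inc_stackptr >= MAXINCLUDES) {   /* bound check before the array is touched */
        scan_err("include nesting deeper than %d: %s", MAXINCLUDES, fn);
        return -1;
    }
    inc_stack[inc_stackptr++].state = current;
    inc_stack[inc_stackptr].filename = fn;
    inc_stack[inc_stackptr].lineno = 1;
    return inc_stackptr;
}

/* Try to nest n includes of a constructed name; returns how many were accepted. */
int nest_includes(int n) {
    int accepted = 0;
    while (accepted < n && push_include("nested.conf", NULL) > 0) accepted++;
    return accepted;
}
```

With the check in place the 17th nested include is refused with a diagnostic instead of writing past the end of inc_stack.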
