On Tue, Jun 19, 2007 at 09:12:36PM +0400, Alexey Dobriyan wrote:
> sparse can segfault in while loop in is_string_literal():
>
>     static int is_string_literal(struct expression **v)
>     {
>             struct expression *e = *v;
>             while (e->type == EXPR_PREOP && e->op == '(')
>     ===>            e = e->unop;    <===
>
> Here expression is NULL.
>
> Steps to reproduce:
>
>     $ echo 'char a[][] = {(};' | sparse -
>     -:1:16: error: Expected ) in expression
>     -:1:16: error: got }
>     Segmentation fault

Gaack... The fix is obvious (add e && into that condition and into
e->type == EXPR_STRING a couple of lines below), but... I wonder if
adding EXPR_BAD and using it to deal with such crap in parser would be
better. Comments?
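
The guarded form of the check discussed in this message, as an added example (not code from sparse or from either poster). The struct and enum are a simplified stand-in for sparse's expression node, the check_* helpers are hypothetical, and the inputs are constructed to model a parenthesised expression whose operand is NULL.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for sparse's expression node (assumption). */
enum expr_type { EXPR_STRING, EXPR_PREOP, EXPR_VALUE };

struct expression {
	enum expr_type type;
	int op;                   /* '(' marks a parenthesised expression */
	struct expression *unop;  /* operand; NULL when parsing failed */
};

/* Guarded form: "e &&" added to the loop condition and to the
 * EXPR_STRING test, so a NULL operand ends the walk instead of
 * being dereferenced. */
static int is_string_literal(struct expression **v)
{
	struct expression *e = *v;
	while (e && e->type == EXPR_PREOP && e->op == '(')
		e = e->unop;
	if (e && e->type == EXPR_STRING) {
		*v = e;
		return 1;
	}
	return 0;
}

/* Constructed cases: a '(' node with a NULL operand, and a NULL
 * expression passed in directly. Neither is a string literal. */
static int check_broken_input(void)
{
	struct expression paren = { EXPR_PREOP, '(', NULL };
	struct expression *e = &paren, *none = NULL;
	return is_string_literal(&e) || is_string_literal(&none);
}

/* Constructed case: (("str")) unwraps to the string node itself. */
static int check_wrapped_string(void)
{
	struct expression str = { EXPR_STRING, 0, NULL };
	struct expression inner = { EXPR_PREOP, '(', &str };
	struct expression outer = { EXPR_PREOP, '(', &inner };
	struct expression *e = &outer;
	return is_string_literal(&e) && e == &str;
}

int main(void)
{
	printf("broken: %d, wrapped string: %d\n", check_broken_input(), check_wrapped_string());
	return 0;
}
```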