View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000633 | LDMud 3.3 | LPC Compiler/Preprocessor | public | 2009-05-04 03:46 | 2009-05-04 05:23 |
Reporter | invisible | Assigned To | Gnomi | ||
Priority | normal | Severity | crash | Reproducibility | sometimes |
Status | resolved | Resolution | fixed | ||
Fixed in Version | 3.3.719 | ||||
Summary | 0000633: Access of undefined/undeclared variable crashes 3.3.718 on amd64 | ||||
Description | A call to a function, using an undeclared variable as argument *sometimes* (don't ask me why) crashes ldmud-3.3.718 compiled on amd64. foo() - works (produces an "Undefined function 'foo' near ';'.", execution continues) foo(bar) - crash after message "Variable bar not declared ! before ';'." The segfault happens at line 10865 in prolang.y: $$.type = V_VARIABLE(i)->type; It seems that V_VARIABLE(i) is NULL or another improper value when the variable is undefined. Strange thing: I'd expect this to crash *always*, not only occasionally and not only on amd64. The really annoying things about this bug are: a) it happens only occasionally (some calls to "foo(bar)" just produce the error message complaining about the undefined variable 'bar' but the driver continues to work - as expected) - I really can't imagine why b) it does *not* happen on our 'production' server, running the very same version just compiled for i386 - again: shouldn't this always crash? Is there another path in the driver where V_VARIABLE(i) gets checked more thoroughly? c) it is so simple to crash the driver; undeclared variables appear all the time while programming... | ||||
Additional Information | gdb output: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7f377f65a6e0 (LWP 5864)] 0x000000000048de3c in yyparse () at prolang.y:10865 10865 $$.type = V_VARIABLE(i)->type; (gdb) bt #0 0x000000000048de3c in yyparse () at prolang.y:10865 #1 0x00000000004965fa in compile_file (fd=11, fname=0x7f377ce87767 "home/invisible/ccall.c", isMasterObj=<value optimized out>) at prolang.y:16823 #2 0x00000000004a7c99 in load_object (lname=<value optimized out>, create_super=false, depth=0, isMasterObj=false, chain=0x0) at simulate.c:1981 #3 0x00000000004a8494 in lookfor_object (str=<value optimized out>, bLoad=true) at simulate.c:2426 #4 0x0000000000454229 in eval_instruction ( first_instruction=<value optimized out>, initial_sp=<value optimized out>) at interpret.c:16276 #5 0x00000000004ab532 in catch_instruction (flags=0, offset=<value optimized out>, i_sp=0x7ad048, i_pc=0x7f377cfe2a2f "a\036\003\n »b´b{\004(j\v\n\212\036\004*¥\t", i_fp=<value optimized out>, reserve_cost=10000, i_context=0x0) at simulate.c:449 #6 0x000000000044c52c in eval_instruction ( first_instruction=<value optimized out>, initial_sp=<value optimized out>) at interpret.c:9506 #7 0x000000000045a113 in int_call_lambda (lsvp=<value optimized out>, num_arg=1, allowRefs=false) at interpret.c:17913 #8 0x000000000045a7fe in v_funcall (sp=0x736370, num_arg=2) at interpret.c:20451 #9 0x00000000004507aa in eval_instruction ( first_instruction=<value optimized out>, initial_sp=<value optimized out>) at interpret.c:8297 #10 0x0000000000459418 in apply_low (fun=<value optimized out>, ob=0x7f377ce2b0e8, num_arg=1, b_ign_prot=false, allowRefs=false) at interpret.c:16836 #11 0x000000000044a58d in int_apply (fun=0x34, ob=0x7fff87675cce, num_arg=2094053465, b_ign_prot=<value optimized out>, b_use_default=true) at interpret.c:17027 #12 0x000000000044b195 in sapply_int (fun=0x7f377d102ef0, ob=0x7f377ce2b0e8, num_arg=1, b_find_static=122, b_use_default=true) at interpret.c:17188 #13 0x0000000000405dcd in parse_command ( buff=0x7fff87679020 "xcall #foo(barbaz)", from_efun=false) at actions.c:1102 #14 0x000000000040773a in execute_command ( str=0x7fff87679020 "xcall #foo(barbaz)", ob=0x7f377ce2b0e8) #15 0x000000000040e96d in backend () at backend.c:673 #16 0x000000000046849d in main (argc=<value optimized out>, argv=<value optimized out>) at main.c:625 (gdb) You can download the coredump at http://xover.mud.at/~invisible/temp/ldmud-3.3.718-core (25MB) (program compiled via 'sh settings/beutelland', original from 3.3.718 + "enable_use_mccp=yes", plus "-ggdb3" added to $DEBUG in the Makefile) | ||||
Tags | No tags attached. | ||||
Attached Files | r2499.diff (4,944 bytes)
Index: trunk/CHANGELOG =================================================================== --- trunk/CHANGELOG (Revision 2498) +++ trunk/CHANGELOG (Revision 2499) @@ -1,6 +1,10 @@ This file lists all changes made to the game driver in all glory detail. See the file HISTORY for a user-oriented summary of all the changes. +17-Jan-2008 (Fuchur) + - (prolang.y) + check return value of verify_declared() - fixes a crash in t-language + 17-Jan-2009 (Gnomi) - (object.c) Save_object without a filename removed one too many elements Index: trunk/src/prolang.y =================================================================== --- trunk/src/prolang.y (Revision 2498) +++ trunk/src/prolang.y (Revision 2499) @@ -3472,6 +3472,11 @@ define_variable(name, actual_type); i = verify_declared(name); /* Is the var declared? */ +#ifdef DEBUG + if (i == -1) + fatal("Variable not declared after defining it.\n"); +#endif + /* Initialize float values with 0.0. */ if (with_init || (!(actual_type.typeflags & TYPE_MOD_POINTER) 
@@ -9604,54 +9609,44 @@ %line $$.start = $1.start; i = verify_declared($2); + if (i == -1) + /* Variable not declared. */ + YYACCEPT; - if (i != -1) + if (i & VIRTUAL_VAR_TAG) { - - if (i & VIRTUAL_VAR_TAG) + add_f_code(F_PUSH_VIRTUAL_VARIABLE_LVALUE); + add_byte(i); + lvtype = V_VARIABLE(i)->type; + lvtype.typeflags &= TYPE_MOD_MASK; + } + else + { + if ((i + num_virtual_variables) & ~0xff) { - add_f_code(F_PUSH_VIRTUAL_VARIABLE_LVALUE); - add_byte(i); - lvtype = V_VARIABLE(i)->type; - lvtype.typeflags &= TYPE_MOD_MASK; + add_f_code(F_PUSH_IDENTIFIER16_LVALUE); + add_short(i + num_virtual_variables); + CURRENT_PROGRAM_SIZE += 1; } else { - if ((i + num_virtual_variables) & ~0xff) - { - add_f_code(F_PUSH_IDENTIFIER16_LVALUE); - add_short(i + num_virtual_variables); - CURRENT_PROGRAM_SIZE += 1; - } - else - { - add_f_code(F_PUSH_IDENTIFIER_LVALUE); - add_byte(i + num_virtual_variables); - } - lvtype = NV_VARIABLE(i)->type; - lvtype.typeflags &= TYPE_MOD_MASK; + add_f_code(F_PUSH_IDENTIFIER_LVALUE); + add_byte(i + num_virtual_variables); } + lvtype = NV_VARIABLE(i)->type; + lvtype.typeflags &= TYPE_MOD_MASK; + } - if (exact_types.typeflags - && !BASIC_TYPE(lvtype, Type_Number) - && !BASIC_TYPE(lvtype, Type_Float)) - { - argument_type_error($1.code, lvtype); - } - - CURRENT_PROGRAM_SIZE += 2; - } - else + if (exact_types.typeflags + && !BASIC_TYPE(lvtype, Type_Number) + && !BASIC_TYPE(lvtype, Type_Float)) { - /* Variable not declared - try to recover */ - YYACCEPT; - - lvtype = Type_Any; + argument_type_error($1.code, lvtype); } - last_expression = CURRENT_PROGRAM_SIZE; + last_expression = CURRENT_PROGRAM_SIZE + 2; - CURRENT_PROGRAM_SIZE += 1; + CURRENT_PROGRAM_SIZE += 3; add_f_code($1.code); $$.end = CURRENT_PROGRAM_SIZE; @@ -10591,6 +10586,9 @@ bytecode_p p; %line i = verify_declared($2); + if (i == -1) + /* variable not declared */ + YYACCEPT; $$.start = current = CURRENT_PROGRAM_SIZE; $$.code = -1; 
@@ -10844,6 +10842,9 @@ bytecode_p p; %line i = verify_declared($1); + if (i == -1) + /* variable not declared */ + YYACCEPT; $$.start = current = CURRENT_PROGRAM_SIZE; $$.end = 0; @@ -11474,6 +11475,10 @@ %line $$.length = 0; i = verify_declared($1); + if (i == -1) + /* variable not declared */ + YYACCEPT; + if (i & VIRTUAL_VAR_TAG) { $$.u.simple[0] = F_PUSH_VIRTUAL_VARIABLE_LVALUE; @@ -13557,7 +13562,12 @@ int i; %line $$ = 1 + $1; + i = verify_declared($3); + if (i == -1) + /* variable not declared */ + YYACCEPT; + if (i & VIRTUAL_VAR_TAG) { ins_f_code(F_PUSH_VIRTUAL_VARIABLE_LVALUE); | ||||
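Review bot: the year in the new CHANGELOG line `+17-Jan-2008 (Fuchur)` looks wrong; it is inserted above the existing `17-Jan-2009 (Gnomi)` entry in a newest-first log, so 2009 is almost certainly meant. The entry would also help later readers more if it named the condition (an undeclared variable used as an operand or argument) rather than only "fixes a crash in t-language".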
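Review bot: the new `fatal("Variable not declared after defining it.\n")` after `define_variable(name, actual_type); i = verify_declared(name);` is compiled only under `#ifdef DEBUG`, so a release build would carry an unexpected -1 into whatever follows. That is fine if define_variable() guarantees the name resolves afterwards and this is an invariant assertion rather than error handling; a one-line comment saying so would stop a reader from mistaking it for the fix for the reported crash.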
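Review bot: moving the undeclared case in the 9604 hunk to an early `if (i == -1) /* Variable not declared. */ YYACCEPT;` is correct and also drops the old `lvtype = Type_Any;`, which could never run after YYACCEPT. The byte accounting is preserved (old: `CURRENT_PROGRAM_SIZE += 2;` inside the branch, then `+= 1;`; new: `last_expression = CURRENT_PROGRAM_SIZE + 2; CURRENT_PROGRAM_SIZE += 3;`). One style point: a comment line sitting between `if (...)` and the unbraced `YYACCEPT;` is easy to misread, and the same three-line shape is repeated in every prolang.y hunk; braces or a small macro would keep it uniform.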
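Review bot: the ordering in the 11474 hunk is load-bearing: `if (i == -1) YYACCEPT;` must stay ahead of `if (i & VIRTUAL_VAR_TAG)`, because -1 has every bit set and would satisfy the flag test, sending an undeclared name down the V_VARIABLE() path with a bogus index, which is exactly the line the reporter's backtrace faults on (`$$.type = V_VARIABLE(i)->type;`). A one-line comment on the first test would keep a future refactor from swapping them.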
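Review bot: `i` is used uninitialized in the old code of the 13557 hunk: `i = verify_declared($3);` is newly added, and in the lines shown `int i;` is declared and then tested by `if (i & VIRTUAL_VAR_TAG)` with no assignment in between, so before the patch this action branched on whatever was left on the stack. That fits the reporter's observation that the crash is intermittent and platform-dependent, and it is worth a mention in the CHANGELOG entry as a defect separate from the missing -1 check.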
Notes

0001070 (zesstra, 2009-05-04 03:58): Could you make the exact binary which wrote the core also available for download? (Otherwise the core dump is not very useful.)

0001071 (Gnomi, 2009-05-04 04:12): I believe this bug is already fixed in r2499. I attached the patch, could you give it a try?

0001073 (invisible, 2009-05-04 04:20): Binary can be found at http://xover.mud.at/~invisible/temp/ldmud-3.3.718-debug. But I'll try the patch this week someday.

0001074 (invisible, 2009-05-04 04:30): Ok, found time right away... this patch does indeed fix the issue. Thanks a lot!
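As an added illustration, constructed here and not LDMud's own code, of why the `-1` check in r2499 has to run before the `i & VIRTUAL_VAR_TAG` test: a sentinel with every bit set satisfies any flag test, so the old grammar actions routed an undeclared name into `V_VARIABLE(i)` with a bogus index, the line the backtrace shows faulting. The symbol tables, the tag value 0x4000 and the helper names are assumptions made for the model.

```c
#include <string.h>
/* Constructed model of the crash in this issue, not LDMud's own code.
   Assumed, as the r2499.diff hunks suggest: verify_declared() returns -1
   for an undeclared name, and VIRTUAL_VAR_TAG is one flag bit or'ed into
   the index of a virtual (inherited) variable. */
#define VIRTUAL_VAR_TAG 0x4000
#define NOT_DECLARED    (-1)
struct vardecl { const char *name; int type; };
/* Constructed symbol tables standing in for V_VARIABLE()/NV_VARIABLE(). */
static const struct vardecl virtual_vars[] = { { "inherited_hp", 1 } };
static const struct vardecl normal_vars[]  = { { "x", 2 }, { "y", 3 } };
#define NVIRT ((int)(sizeof virtual_vars / sizeof virtual_vars[0]))
#define NNORM ((int)(sizeof normal_vars  / sizeof normal_vars[0]))
static int verify_declared(const char *name)
{
    int i;
    for (i = 0; i < NVIRT; i++)
        if (strcmp(virtual_vars[i].name, name) == 0) return i | VIRTUAL_VAR_TAG;
    for (i = 0; i < NNORM; i++)
        if (strcmp(normal_vars[i].name, name) == 0) return i;
    return NOT_DECLARED;
}

/* Pre-patch shape of the grammar actions: the flag test runs with no -1
   check before it. -1 has every bit set, so an undeclared name passes the
   VIRTUAL test and the index becomes -1 & ~TAG = -16385, far outside
   virtual_vars. This only reports that index; it never reads the table. */
static int unchecked_index(const char *name, int *is_virtual)
{
    int i = verify_declared(name);
    *is_virtual = (i & VIRTUAL_VAR_TAG) != 0;
    return *is_virtual ? (i & ~VIRTUAL_VAR_TAG) : i;
}
/* Post-patch shape: reject the sentinel before any bit test (r2499 does
   YYACCEPT there), then bounds-check. Returns 1 and stores the type, else 0. */
static int checked_type(const char *name, int *type)
{
    int i = verify_declared(name);
    if (i == NOT_DECLARED) return 0;  /* parser already reported the error */
    if (i & VIRTUAL_VAR_TAG) {
        i &= ~VIRTUAL_VAR_TAG;
        if (i >= NVIRT) return 0;
        *type = virtual_vars[i].type;
        return 1;
    }
    if (i >= NNORM) return 0;
    *type = normal_vars[i].type;
    return 1;
}
```

Whether the out-of-table read at index -16385 faults depends entirely on what memory lies there, which is why the reporter saw the crash only sometimes and only on one platform.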
Date Modified | Username | Field | Change |
---|---|---|---|
2009-05-04 03:46 | invisible | New Issue | |
2009-05-04 03:58 | zesstra | Note Added: 0001070 | |
2009-05-04 04:10 | Gnomi | File Added: r2499.diff | |
2009-05-04 04:12 | Gnomi | Note Added: 0001071 | |
2009-05-04 04:20 | invisible | Note Added: 0001073 | |
2009-05-04 04:30 | invisible | Note Added: 0001074 | |
2009-05-04 05:22 | Gnomi | Project | LDMud 3.2 => LDMud 3.3 |
2009-05-04 05:23 | Gnomi | Status | new => resolved |
2009-05-04 05:23 | Gnomi | Fixed in Version | => 3.3.719 |
2009-05-04 05:23 | Gnomi | Resolution | open => fixed |
2009-05-04 05:23 | Gnomi | Assigned To | => Gnomi |