8d33fa030d308e6f5a4572a5b25bde4508757c31 refactored the site of a call to
vmnewof to remove an assumption that the returned allocation was zeroed. However
I failed to notice that the call to ALLOCATE (which eventually invokes vmnewof)
in exnewnode also relied on this assumption. This remained a latent issue until
84b2983edf458098bb6233368904265c92da4e65 whose changes meant the region returned
by vmnewof was no longer zeroed. The issue (now an active bug) still went
unnoticed until
ea791d46aa1d0f15c483d424fdddabf8f3b61cb0 was merged, which
contained a test that ran `gvpr -f cmd/gvpr/lib/color </dev/null` that triggered
a read through a bad pointer that should have been zeroed during these
allocations.
To fix this, we conservatively zero the result of all calls to ALLOCATE,
ensuring the assumptions these calls may have previously had is now restored.
register Exnode_t* x;
x = ALLOCATE(p, Exnode_t);
+ memzero(x, sizeof(*x));
x->op = op;
x->type = type;
x->binary = binary;
Exref_t* r;
r = ALLOCATE(expr.program, Exref_t);
+ memzero(r, sizeof(*r));
r->symbol = $1;
expr.refs = r;
expr.lastref = r;
Exref_t* l;
r = ALLOCATE(expr.program, Exref_t);
+ memzero(r, sizeof(*r));
r->symbol = $3;
r->index = 0;
r->next = 0;
l = ALLOCATE(expr.program, Exref_t);
+ memzero(l, sizeof(*l));
l->symbol = $2;
l->index = 0;
l->next = r;
projects / graphviz / commitdiff