From 82af4ae68ef752c9e4930e6dbf0cdd7c290b5fa3 Mon Sep 17 00:00:00 2001
From: Ulya Trofimovich
Date: Sat, 9 Feb 2019 17:54:25 +0000
Subject: [PATCH] Fixed out of bounds read when sorting one-element initial closure.
The error only occurred on some libc implementations, e.g. on debug glibc (options -D_GLIBCXX_DEBUG -D_GLIBCXX_DEBUG_PEDANTIC).
---
 re2c/src/dfa/closure_posix.cc | 5 ++---
 re2c/src/util/lookup.h | 2 ++
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/re2c/src/dfa/closure_posix.cc b/re2c/src/dfa/closure_posix.cc
index d4846387..c17c1049 100644
--- a/re2c/src/dfa/closure_posix.cc
+++ b/re2c/src/dfa/closure_posix.cc
@@ -143,12 +143,11 @@ inline cmp_gor1_t::cmp_gor1_t(determ_context_t &c) : ctx(c) {}
 inline bool cmp_gor1_t::operator()(const clos_t &x, const clos_t &y) const
 {
- const kernel_t *k = ctx.dc_kernels[ctx.dc_origin];
 const uint32_t xo = x.origin, yo = y.origin;
-
- DASSERT(xo != yo && x.tlook == HROOT && y.tlook == HROOT);
+ if (xo == yo) return false;
 // if longest components differ, leftmost already incorporates that
+ const kernel_t *k = ctx.dc_kernels[ctx.dc_origin];
 return unpack_leftmost(k->prectbl[xo * k->size + yo]) < 0;
 }
diff --git a/re2c/src/util/lookup.h b/re2c/src/util/lookup.h
index 4dc19d65..9d4c3b79 100644
--- a/re2c/src/util/lookup.h
+++ b/re2c/src/util/lookup.h
@@ -66,12 +66,14 @@ uint32_t lookup_t::size() const
 template
 data_t& lookup_t::operator[](uint32_t idx)
 {
+ DASSERT(idx < elems.size());
 return elems[idx].data;
 }
 template
 const data_t& lookup_t::operator[](uint32_t idx) const
 {
+ DASSERT(idx < elems.size());
 return elems[idx].data;
 }
--
2.40.0
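Review bot: The early return `if (xo == yo) return false;` replaces the whole DASSERT in cmp_gor1_t::operator(), so the `x.tlook == HROOT && y.tlook == HROOT` precondition is no longer checked anywhere; keeping `DASSERT(x.tlook == HROOT && y.tlook == HROOT);` after the early return would preserve it. Moving the `ctx.dc_kernels[ctx.dc_origin]` lookup below the early return looks like the actual fix (presumably dc_origin is not a valid kernel index while the initial closure is sorted), but nothing in the code records that ordering constraint. A comment such as `// self-comparison must return before dc_kernels[dc_origin] is read: dc_origin may be invalid for the initial closure` would stop a later cleanup from hoisting the declaration back and reintroducing the out-of-bounds read. The index `xo * k->size + yo` into prectbl is still unchecked, and a `DASSERT(xo < k->size && yo < k->size);` before the return would cover it in debug builds.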
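Review bot: The added `DASSERT(idx < elems.size());` in both lookup_t::operator[] overloads is presumably compiled out of release builds (DASSERT's definition is not visible in this hunk), so `elems[idx]` is still indexed unchecked there and a bad index from a caller stays a silent out-of-bounds read. If that trade-off is intended, state the contract on both overloads, e.g. `// precondition: idx < size(); verified only in debug builds`. Call sites that derive the index from computed state rather than from a prior size() check should validate it before calling, since this accessor will not catch it in production.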