ielr: fix crash on memory management

Reported by Dwight Guth. https://lists.gnu.org/r/bug-bison/2020-06/msg00037.html * src/AnnotationList.c (AnnotationList__computePredecessorAnnotations): Beware that SBITSET__FOR_EACH nests _two_ for-loops, so "break" does not actually break out of it. That was the only occurrence in the code. * src/Sbitset.h (SBITSET__FOR_EACH): Warn passersby.
akimd · Jun 26, 2020 · f6dd943 · f6dd943
1 parent 8f44164
commit f6dd943
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 1 deletion.
diff --git a/THANKS b/THANKS
@@ -59,6 +59,7 @@ Di-an Jan                 dianj@freeshell.org
 Dick Streefland           dick.streefland@altium.nl
 Didier Godefroy           dg@ulysium.net
 Don Macpherson            donmac703@gmail.com
+Dwight Guth               dwight.guth@runtimeverification.com
 Efi Fogel                 efifogel@gmail.com
 Enrico Scholz             enrico.scholz@informatik.tu-chemnitz.de
 Eric Blake                ebb9@byu.net

diff --git a/src/AnnotationList.c b/src/AnnotationList.c
@@ -276,7 +276,8 @@ AnnotationList__computePredecessorAnnotations (
                         obstack_free (annotations_obstackp,
                                       annotation_node->contributions[ci]);
                         annotation_node->contributions[ci] = NULL;
-                        break;
+                        // "Break" out of SBITSET__FOR_EACH.
+                        goto after_sbitset__for_each;
                       }
                     else
                       {
@@ -309,6 +310,7 @@ AnnotationList__computePredecessorAnnotations (
                                     predecessor_item);
                   }
               }
+          after_sbitset__for_each:;
           }
           if (annotation_node->contributions[ci])
             {

diff --git a/src/Sbitset.h b/src/Sbitset.h
@@ -81,6 +81,8 @@ void Sbitset__fprint (Sbitset self, Sbitset__Index nbits, FILE *file);
       *ptr_self = *ptr_other1 | *ptr_other2;                            \
   } while (0)
 
+/* ATTENTION: there are *two* loops here, "break" and "continue" will
+   not apply to the whole loop, just the inner one.  */
 # define SBITSET__FOR_EACH(SELF, NBITS, ITER, INDEX)                    \
   for ((ITER) = (SELF); (ITER) < (SELF) + Sbitset__nbytes (NBITS); ++(ITER)) \
     if (*(ITER) != 0)                                                   \