- Subject: Re: possible bug
- From: Mike Pall <mikelu-0903@...>
- Date: Fri, 27 Mar 2009 15:40:53 +0100
Roberto Ierusalimschy wrote:
> In the second picture, it may really be a small bug. When the table
> has no hash elements, t->node points to 'dummynode' but t->lastfree
> also points to dummynode (because size is 0). Then the decrement in the
> marked line [while (t->lastfree-- > t->node) {] will make t->lastfree
> point to outside the dummynode_ "array".

Umm, I wouldn't classify this as a bug. The bounds checking tool
simply doesn't analyze the code deeply enough (no offense
intended, this is a tough problem). The lastfree pointer is never
used if the loop exits, because the table is rehashed in turn. So
this never causes any problems in reality.

I don't think this is an ANSI C violation either, because the
(now) invalid pointer is never used in a subsequent comparison.

Purely to satisfy the tool, one could move the decrement inside
the loop:

static Node *getfreepos (Table *t) {
  while (t->lastfree > t->node) {
    t->lastfree--;
    if (ttisnil(gkey(t->lastfree)))
      return t->lastfree;
  }
  return NULL;  /* could not find a free place */
}

--Mike
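
Added example, not part of the message above or of the Lua source: the two loop shapes from this thread side by side, with lastfree modelled as a signed index so that the position left behind after the loop exits can be inspected directly. ToyTable, used, NO_SLOT and final_lastfree are hypothetical names constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define NO_SLOT ((ptrdiff_t)-1)

/* Toy stand-in for the table (constructed for this example): lastfree is a
   signed index into used[], where the real code keeps a Node pointer. */
typedef struct {
    const int *used;     /* used[i] != 0: slot i holds a key */
    ptrdiff_t lastfree;  /* starts at the slot count; 0 models dummynode */
} ToyTable;

/* Loop shape quoted in the thread: decrement inside the condition. */
static ptrdiff_t getfreepos_orig(ToyTable *t) {
    while (t->lastfree-- > 0) {
        if (!t->used[t->lastfree])
            return t->lastfree;
    }
    return NO_SLOT;
}

/* Loop shape from the reply: decrement moved into the body. */
static ptrdiff_t getfreepos_moved(ToyTable *t) {
    while (t->lastfree > 0) {
        t->lastfree--;
        if (!t->used[t->lastfree])
            return t->lastfree;
    }
    return NO_SLOT;
}

/* Exhaust a completely full table of n slots (n <= 4) and report where
   lastfree is left: -1 means one position before the start of the array. */
static ptrdiff_t final_lastfree(int moved, ptrdiff_t n) {
    static const int full[4] = {1, 1, 1, 1};
    ToyTable t = { full, n };
    while ((moved ? getfreepos_moved(&t) : getfreepos_orig(&t)) != NO_SLOT)
        ;
    return t.lastfree;
}

int main(void) {
    printf("size 0: orig=%td moved=%td\n", final_lastfree(0, 0), final_lastfree(1, 0));
    printf("size 3: orig=%td moved=%td\n", final_lastfree(0, 3), final_lastfree(1, 3));
    return 0;
}
```

Both shapes return the same slot whenever a free one exists; they differ only in where lastfree rests once the search is exhausted.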