- Subject: Re: REVERSE_INULL in lparser.c
- From: Mike Pall <mikelu-0908@...>
- Date: Mon, 10 Aug 2009 22:01:54 +0200
Stern.Jason wrote:
> 376 ls->fs = fs->prev;
> 377 L->top -= 2; /* remove table and prototype from the stack */
> 378 /* last token read was anchored in defunct function; must reanchor it */
>
> Event check_after_deref: Pointer "fs" dereferenced before NULL check
> 379 if (fs) anchor_token(ls);
>
> Is it safe to remove this null check, or should the null check be moved to before line 359?
Within close_func() fs is always a valid pointer. The check should
be against ls->fs (i.e. fs->prev), since that's the outer scope
where the token is going to be reanchored:
if (ls->fs) anchor_token(ls);
But ... that's a pointless check because the parser can only get
there with ls->fs == NULL when the outermost scope hits the end of
the stream. Then the token must be TK_EOS (see luaY_parser). But
this token is not reanchored in anchor_token(), so ls->fs is not
dereferenced in this case (deep down in luaX_newstring()).
This also implies the original code cannot crash.
Suggested fix: either replace 'if (fs)' with 'if (ls->fs)' or
remove the check and document that anchor_token() depends on
ls->t.token == TK_EOS in case ls->fs == NULL.
--Mike
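A constructed C model of the control flow Mike describes, added here for illustration; it is not Lua's lparser.c, and the struct layouts, token values and counters are assumptions chosen only to exercise the two checks. It shows that the original `if (fs)` never dereferences NULL because a TK_EOS token is not reanchored, while `if (ls->fs)` is safe whatever token is pending.

```c
#include <assert.h>
#include <stddef.h>
/* Constructed model of the close_func()/anchor_token() interaction discussed
 * above; not Lua's lparser.c. Token values and struct fields are assumptions. */
enum { TK_NAME = 1, TK_STRING = 2, TK_EOS = 3 };
typedef struct FuncState {
    struct FuncState *prev;  /* enclosing function; NULL for the outermost one */
    int anchored;            /* strings reanchored into this scope */
} FuncState;
typedef struct LexState {
    FuncState *fs;           /* current function; NULL once the outermost closes */
    int token;               /* type of the token already read */
} LexState;
/* Only name/string tokens carry a string that needs reanchoring, so only they
 * reach the code that dereferences ls->fs (luaX_newstring() in real Lua). */
static void anchor_token(LexState *ls) {
    if (ls->token == TK_NAME || ls->token == TK_STRING)
        ls->fs->anchored++;  /* NULL dereference if ls->fs is NULL here */
}

/* Original shape: fs->prev is read before `if (fs)`, which is what
 * REVERSE_INULL reports. Removing the check entirely behaves identically. */
static void close_func_original(LexState *ls) {
    FuncState *fs = ls->fs;
    ls->fs = fs->prev;
    if (fs) anchor_token(ls);
}

/* Suggested fix: test the outer scope the token is reanchored into. */
static void close_func_fixed(LexState *ls) {
    FuncState *fs = ls->fs;
    ls->fs = fs->prev;
    if (ls->fs) anchor_token(ls);
}

/* Closes an inner and then the outermost function with `token` pending and
 * returns how many strings ended up anchored in the outermost scope. */
int run_close(void (*close_func)(LexState *), int token) {
    FuncState outer = { NULL, 0 }, inner = { &outer, 0 };
    LexState ls = { &inner, token };
    close_func(&ls);  /* inner closes: ls->fs == &outer, token reanchored there */
    close_func(&ls);  /* outermost closes: ls->fs == NULL */
    return outer.anchored;
}
int main(void) {
    assert(run_close(close_func_original, TK_EOS) == 0); /* relies on the TK_EOS invariant */
    assert(run_close(close_func_fixed, TK_NAME) == 1);   /* safe for any token */
    return 0;
}
```

Calling `close_func_original` with a TK_NAME token pending at the outermost close would dereference NULL, which is exactly the invariant (ls->t.token == TK_EOS whenever ls->fs == NULL) that the "remove the check" option has to document.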