lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Roberto Ierusalimschy wrote:
> In the second picture, it may really be a small bug. When the table
> has no hash elements, t->node points to 'dummynode' but t->lastfree
> also points to dummynode (because size is 0). Then the decrement in the
> marked line [while (t->lastfree-- > t->node) {] will make t->lastfree
> point to outside the dummynode_ "array".

Umm, I wouldn't classify this as a bug. The bounds checking tool
simply doesn't analyze the code deeply enough (no offense
intended, this is a tough problem). The lastfree pointer is never
used if the loop exits, because the table is rehashed in turn. So
this never causes any problems in reality.

I don't think this is an ANSI C violation either, because the
(now) invalid pointer is never used in a subsequent comparison.

Purely to satisfy the tool, one could move the decrement inside
the loop:

static Node *getfreepos (Table *t) {
  while (t->lastfree > t->node) {
    if (ttisnil(gkey(t->lastfree)))
      return t->lastfree;
  return NULL;  /* could not find a free place */