From 8b34ccdadfbbf6c20dcec1068368029a29afc40a Mon Sep 17 00:00:00 2001 From: Joe Stringer Date: Mon, 13 Jul 2015 18:19:03 -0700 Subject: [PATCH] ovn: Fix extra token detection. This code attempts to first check whether another error was detected for the string it is parsing, then if it's not at the end of the tokens, report an error. However, 'errorp' is always a valid pointer to a 'char *', so the first check in this statement always evaluates false. Furthermore, this undefined behaviour may be optimised out by modern compilers due to the prior dereference in expr_parse(). Fix this to check the actual value of *errorp. Also add a test to check this case. Found by MIT STACK undefined behaviour checker. Signed-off-by: Joe Stringer Acked-by: Ben Pfaff --- ovn/lib/expr.c | 2 +- tests/ovn.at | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ovn/lib/expr.c b/ovn/lib/expr.c index c81c45388..510a15e67 100644 --- a/ovn/lib/expr.c +++ b/ovn/lib/expr.c @@ -1044,7 +1044,7 @@ expr_parse_string(const char *s, const struct shash *symtab, char **errorp) lexer_init(&lexer, s); lexer_get(&lexer); expr = expr_parse(&lexer, symtab, errorp); - if (!errorp && lexer.token.type != LEX_T_END) { + if (!*errorp && lexer.token.type != LEX_T_END) { *errorp = xstrdup("Extra tokens at end of input."); expr_destroy(expr); expr = NULL; diff --git a/tests/ovn.at b/tests/ovn.at index 261e32a25..d1696de71 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -255,6 +255,8 @@ eth.src > 00:00:00:00:11:11/00:00:00:00:ff:ff => Only == and != operators may be ip4.src == ::1 => 128-bit constant is not compatible with 32-bit field ip4.src. 1 == eth.type == 2 => Range expressions must have the form `x < field < y' or `x > field > y', with each `<' optionally replaced by `<=' or `>' by `>='). + +eth.dst[40] x => Extra tokens at end of input. ]]) sed 's/ =>.*//' test-cases.txt > input.txt sed 's/.* => //' test-cases.txt > expout -- 2.20.1