From patchwork Mon Sep 24 22:48:05 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Markus Mayer <mmayer@broadcom.com>
X-Patchwork-Id: 1501161
Return-Path: 
 <linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org>
X-Original-To: patchwork-linux-arm@patchwork.kernel.org
Delivered-To: patchwork-process-083081@patchwork2.kernel.org
Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134])
	by patchwork2.kernel.org (Postfix) with ESMTP id 07C69DF280
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Mon, 24 Sep 2012 22:50:15 +0000 (UTC)
Received: from localhost ([::1] helo=merlin.infradead.org)
	by merlin.infradead.org with esmtp (Exim 4.76 #1 (Red Hat Linux))
	id 1TGHS5-0007P6-2D; Mon, 24 Sep 2012 22:48:33 +0000
Received: from mms3.broadcom.com ([216.31.210.19])
	by merlin.infradead.org with esmtp (Exim 4.76 #1 (Red Hat Linux))
	id 1TGHRz-0007OR-Nm for linux-arm-kernel@lists.infradead.org;
	Mon, 24 Sep 2012 22:48:30 +0000
Received: from [10.9.200.131] by mms3.broadcom.com with ESMTP (Broadcom
	SMTP Relay (Email Firewall v6.5)); Mon, 24 Sep 2012 15:46:18 -0700
X-Server-Uuid: B86B6450-0931-4310-942E-F00ED04CA7AF
Received: from mail-irva-13.broadcom.com (10.11.16.103) by
	IRVEXCHHUB01.corp.ad.broadcom.com (10.9.200.131) with Microsoft SMTP
	Server id 8.2.247.2; Mon, 24 Sep 2012 15:48:22 -0700
Received: from lbrmn-lnxub70.ric.broadcom.com (
	lbrmn-lnxub70.ric.broadcom.com [10.136.8.215]) by
	mail-irva-13.broadcom.com (Postfix) with ESMTP id E8DE640FE5; Mon, 24
	Sep 2012 15:48:21 -0700 (PDT)
Received: by lbrmn-lnxub70.ric.broadcom.com (Postfix, from userid 29894)
	id 9154D15C0750; Mon, 24 Sep 2012 15:48:21 -0700 (PDT)
From: "Markus Mayer" <mmayer@broadcom.com>
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 1/1] Fix segfault in DTC
Date: Mon, 24 Sep 2012 15:48:05 -0700
Message-ID: <1348526885-2113-2-git-send-email-mmayer@broadcom.com>
X-Mailer: git-send-email 1.7.5.4
In-Reply-To: <1348526885-2113-1-git-send-email-mmayer@broadcom.com>
References: <1348526885-2113-1-git-send-email-mmayer@broadcom.com>
MIME-Version: 1.0
X-WSS-ID: 7C7E3D303PS2584932-01-01
X-Spam-Note: CRM114 invocation failed
X-Spam-Score: -5.0 (-----)
X-Spam-Report: SpamAssassin version 3.3.2 on merlin.infradead.org summary:
	Content analysis details:   (-5.0 points)
	pts rule name              description
	---- ----------------------
	--------------------------------------------------
	-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
	medium trust [216.31.210.19 listed in list.dnswl.org]
	-0.8 RP_MATCHES_RCVD Envelope sender domain matches handover relay
	domain
	-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
	[score: 0.0000]
Cc: Markus Mayer <mmayer@broadcom.com>
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Sender: linux-arm-kernel-bounces@lists.infradead.org
Errors-To: 
 linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org

Prior to this change, an empty input file would cause a segfault, because
yylloc had never been initialized. There was never any characters for the
lexer to match, so YY_USER_ACTION was never executed before the parse error
was detected.

When the parser printed the error message, it tried to include the name of
the file, but the structure holding the file name (yylloc.file, referenced
as pos->file) had never been initialized.

Without the fix:

$ ./dtc /dev/null
DTC: dts->dts  on file "/dev/null"
Segmentation fault (core dumped)

$ gdb dtc core
Program terminated with signal 11, Segmentation fault.
    at scripts/dtc/srcpos.c:194
194			fname = pos->file->name;
(gdb) bt
    at scripts/dtc/srcpos.c:194
    fmt=0x40d769 "%s", va=0x7fffbf027148) at scripts/dtc/srcpos.c:220
    at scripts/dtc/dtc-parser.tab.c:1920
    at scripts/dtc/treesource.c:38
    at scripts/dtc/dtc.c:203
(gdb) p *pos
$1 = {first_line = 0, first_column = 0, last_line = 0, last_column = 0,
  file = 0x0}

With the fix:

$ ./dtc /dev/null
DTC: dts->dts  on file "/dev/null"
Error: /dev/null:1.1 syntax error
FATAL ERROR: Unable to parse input tree

Signed-off-by: Markus Mayer <mmayer@broadcom.com>
---
 scripts/dtc/treesource.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/scripts/dtc/treesource.c b/scripts/dtc/treesource.c
index c09aafa..b461b88 100644
--- a/scripts/dtc/treesource.c
+++ b/scripts/dtc/treesource.c
@@ -29,11 +29,15 @@ int treesource_error;
 
 struct boot_info *dt_from_source(const char *fname)
 {
+	extern YYLTYPE yylloc;
+
 	the_boot_info = NULL;
 	treesource_error = 0;
 
 	srcfile_push(fname);
 	yyin = current_srcfile->f;
+	/* Initialize yylloc->file to avoid segfault on empty input */
+	srcpos_update(&yylloc, NULL, 0);
 
 	if (yyparse() != 0)
 		die("Unable to parse input tree\n");