From patchwork Tue Sep 25 17:58:09 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Markus Mayer <mmayer@broadcom.com>
X-Patchwork-Id: 1506291
Return-Path: 
 <linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org>
X-Original-To: patchwork-linux-arm@patchwork.kernel.org
Delivered-To: patchwork-process-083081@patchwork1.kernel.org
Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134])
	by patchwork1.kernel.org (Postfix) with ESMTP id 4373A3FC71
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Tue, 25 Sep 2012 18:01:04 +0000 (UTC)
Received: from localhost ([::1] helo=merlin.infradead.org)
	by merlin.infradead.org with esmtp (Exim 4.76 #1 (Red Hat Linux))
	id 1TGZPm-0000i7-On; Tue, 25 Sep 2012 17:59:22 +0000
Received: from mms1.broadcom.com ([216.31.210.17])
	by merlin.infradead.org with esmtp (Exim 4.76 #1 (Red Hat Linux))
	id 1TGZPY-0000h8-An for linux-arm-kernel@lists.infradead.org;
	Tue, 25 Sep 2012 17:59:09 +0000
Received: from [10.9.200.133] by mms1.broadcom.com with ESMTP (Broadcom
	SMTP Relay (Email Firewall v6.5)); Tue, 25 Sep 2012 10:57:57 -0700
X-Server-Uuid: 06151B78-6688-425E-9DE2-57CB27892261
Received: from mail-irva-13.broadcom.com (10.11.16.103) by
	IRVEXCHHUB02.corp.ad.broadcom.com (10.9.200.133) with Microsoft SMTP
	Server id 8.2.247.2; Tue, 25 Sep 2012 10:58:22 -0700
Received: from smtphost.broadcom.com (lbrmn-lnxub70.ric.broadcom.com
	[10.136.8.215]) by mail-irva-13.broadcom.com (Postfix) with ESMTP id
	8B71140FF3; Tue, 25 Sep 2012 10:58:51 -0700 (PDT)
From: "Markus Mayer" <mmayer@broadcom.com>
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 1/1] Fix segfault in DTC
Date: Tue, 25 Sep 2012 10:58:09 -0700
Message-ID: <1348595889-6495-2-git-send-email-mmayer@broadcom.com>
X-Mailer: git-send-email 1.7.5.4
In-Reply-To: <1348595889-6495-1-git-send-email-mmayer@broadcom.com>
References: <1348526885-2113-1-git-send-email-mmayer@broadcom.com>
	<1348595889-6495-1-git-send-email-mmayer@broadcom.com>
MIME-Version: 1.0
X-WSS-ID: 7C7F2F2F3MK38595075-01-01
X-Spam-Note: CRM114 invocation failed
X-Spam-Score: -5.0 (-----)
X-Spam-Report: SpamAssassin version 3.3.2 on merlin.infradead.org summary:
	Content analysis details:   (-5.0 points)
	pts rule name              description
	---- ----------------------
	--------------------------------------------------
	-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
	medium trust [216.31.210.17 listed in list.dnswl.org]
	-0.8 RP_MATCHES_RCVD Envelope sender domain matches handover relay
	domain
	-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
	[score: 0.0000]
Cc: devicetree-discuss@lists.ozlabs.org, Jon Loeliger <jdl@jdl.com>,
	Markus Mayer <mmayer@broadcom.com>,
	David Gibson <david@gibson.dropbear.id.au>
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Sender: linux-arm-kernel-bounces@lists.infradead.org
Errors-To: 
 linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org

Prior to this change, an empty input file would cause a segfault, because
yylloc had never been initialized. There was never any characters for the
lexer to match, so YY_USER_ACTION was never executed before the parse error
was detected.

When the parser printed the error message, it tried to include the name of
the file, but the structure holding the file name (yylloc.file, referenced
as pos->file) had never been initialized.

Without the fix:

$ ./dtc /dev/null
DTC: dts->dts  on file "/dev/null"
Segmentation fault (core dumped)

$ gdb dtc core
Program terminated with signal 11, Segmentation fault.
    at scripts/dtc/srcpos.c:194
194			fname = pos->file->name;
(gdb) bt
    at scripts/dtc/srcpos.c:194
    fmt=0x40d769 "%s", va=0x7fffbf027148) at scripts/dtc/srcpos.c:220
    at scripts/dtc/dtc-parser.tab.c:1920
    at scripts/dtc/treesource.c:38
    at scripts/dtc/dtc.c:203
(gdb) p *pos
$1 = {first_line = 0, first_column = 0, last_line = 0, last_column = 0,
  file = 0x0}

With the fix:

$ ./dtc /dev/null
DTC: dts->dts  on file "/dev/null"
Error: /dev/null:1.1 syntax error
FATAL ERROR: Unable to parse input tree

Signed-off-by: Markus Mayer <mmayer@broadcom.com>
---
 scripts/dtc/treesource.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/scripts/dtc/treesource.c b/scripts/dtc/treesource.c
index c09aafa..b461b88 100644
--- a/scripts/dtc/treesource.c
+++ b/scripts/dtc/treesource.c
@@ -29,11 +29,15 @@ int treesource_error;
 
 struct boot_info *dt_from_source(const char *fname)
 {
+	extern YYLTYPE yylloc;
+
 	the_boot_info = NULL;
 	treesource_error = 0;
 
 	srcfile_push(fname);
 	yyin = current_srcfile->f;
+	/* Initialize yylloc->file to avoid segfault on empty input */
+	srcpos_update(&yylloc, NULL, 0);
 
 	if (yyparse() != 0)
 		die("Unable to parse input tree\n");