Karim Belabas on Mon, 26 Jan 2004 10:49:05 +0100



Re: gp: anal.c more bugs


* Michael Somos <somos@feynman.math.georgetown.edu> [2004-01-26 00:59]:
> pari-dev,
> 
>     There are still several more bugs in anal.c which have not
> been fixed. It is a tedious job, but perhaps there is a way to
> rewrite the code so that it will not have these overrun bugs.
> Here is just one simple example of what is still left to do:
[...]
> feynman:/home/somos> valgrind gp
[...]
> ? f()=local(x);x+x
> ? f
> ==18642== Invalid read of size 1
> ==18642==    at 0x81FDBC7: get_op_fun (../src/language/anal.c:1391)
> ==18642==    by 0x81FDD8B: affect_block (../src/language/anal.c:1441)
> ==18642==    by 0x81FEF0B: identifier (../src/language/anal.c:1794)
> ==18642==    by 0x81FD59A: truc (../src/language/anal.c:1278)
> ==18642==    Address 0x41A95B2C is 0 bytes after a block of size 24 alloc'd
> ==18642==    at 0x4002B13C: malloc (vg_replace_malloc.c:153)
> ==18642==    by 0x820E416: gpmalloc (../src/language/init.c:264)
> ==18642==    by 0x820E0A7: newbloc (../src/language/init.c:131)
> ==18642==    by 0x8200910: identifier (../src/language/anal.c:2233)

This one is fixed. I actually fixed it last week, but I had to use
an "assignment + test" ( if (c && (c1 = ...)) ), then cleaned up the code
and mistakenly reintroduced the overrun.

I went over the whole code again ( looking for ...[1] and ...[2] ) and did not
spot anything.

Do you?

    Karim.

P.S: The parser code has been rewritten by Bill ( and is included in gp2c ).
I do not know whether it is ready to replace the old one.
-- 
Karim Belabas                     Tel: (+33) (0)1 69 15 57 48
Dep. de Mathematiques, Bat. 425   Fax: (+33) (0)1 69 15 60 19
Universite Paris-Sud              http://www.math.u-psud.fr/~belabas/ 
F-91405 Orsay (France)            http://pari.math.u-bordeaux.fr/  [PARI/GP]
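Added example (not PARI's anal.c and not code from anyone in this thread): a toy C operator scanner showing the "assignment + test" guard Karim mentions, `if (c && (c1 = ...))`. The point of the idiom is that `&&` short-circuits, so the byte after the current one is read only once the current byte is known not to be the NUL terminator; an unconditional `s[1]` read at the end of a string is exactly the kind of 1-byte over-read past a heap block that valgrind flagged above. The function names `op_len_guarded`, `op_len_unguarded` and `count_ops`, and the operator set, are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example, not PARI code. Returns the length of the operator
 * token at s: 2 for "==", "+=", "-="; 1 for a lone "=", "+", "-"; else 0.
 * The buffer is NUL-terminated, so s[1] may only be read after s[0] != 0. */
int op_len_guarded(const char *s)
{
    char c, c1 = 0;
    /* assignment + test: the right operand runs only when c != 0, so the
     * second read can never land on the byte after the terminator. */
    if ((c = s[0]) && (c1 = s[1])) {
        if ((c == '=' || c == '+' || c == '-') && c1 == '=')
            return 2;
    }
    if (c == '+' || c == '-' || c == '=')
        return 1;
    return 0;
}

/* Same logic without the guard, kept only for contrast: when s[0] is the
 * terminator, s[1] is one byte past the end of the string, which on an
 * exactly-sized malloc'd block is the "0 bytes after a block" read that
 * valgrind reports. Not called anywhere in this example. */
int op_len_unguarded(const char *s)
{
    char c = s[0], c1 = s[1];          /* over-reads when c == 0 */
    if ((c == '=' || c == '+' || c == '-') && c1 == '=')
        return 2;
    if (c == '+' || c == '-' || c == '=')
        return 1;
    return 0;
}

/* Walk a whole line with the guarded scanner. Returns the number of operator
 * tokens; if two_char is non-NULL it receives how many were two characters. */
int count_ops(const char *s, int *two_char)
{
    int total = 0, two = 0;
    const char *p = s;
    while (*p) {                        /* stop at the terminator, never past it */
        int n = op_len_guarded(p);
        if (n) {
            total++;
            if (n == 2) two++;
            p += n;
        } else {
            p++;
        }
    }
    if (two_char) *two_char = two;
    return total;
}

int main(void)
{
    /* constructed sample inputs, including the empty string edge case */
    const char *samples[] = { "x+=1==y-z", "a=b", "", "+" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int two = 0;
        int n = count_ops(samples[i], &two);
        printf("\"%s\": %d operator(s), %d two-character\n", samples[i], n, two);
    }
    return 0;
}
```

Running it under valgrind with the strings placed in exactly-sized malloc'd blocks would show the guarded scanner staying inside every block; the same harness built on `op_len_unguarded` would report an invalid 1-byte read on the empty string, matching the shape of the report quoted in the thread.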