Hi,
When compiling with undefined behavior sanitizer and then running:
$ ./bash
parse.y:1000:93: runtime error: index -1 out of bounds for type 'int [257]'
The offending section of code:
case_command: CASE WORD newline_list IN newline_list ESAC
{
$$ = make_case_command ($2, (PATTERN_LIST *)NULL,
word_lineno[word_top]);
if (word_top >= 0) word_top--;
}
| CASE WORD newline_list IN case_clause_sequence newline_list ESAC
{
/* Access of word_lineno[word_top] causes bad read.
*/
$$ = make_case_command ($2, $5,
word_lineno[word_top]);
if (word_top >= 0) word_top--;
}
And the definition of word top and word_lineno:
#define MAX_COMPOUND_NEST 256
static int word_lineno[MAX_COMPOUND_NEST+1];
static int word_top = -1;
The value of word_top appears to only be set in 'set_word_top':
static inline int
set_word_top (int t)
{
switch (t)
{
case CASE:
case SELECT:
case FOR:
case IF:
case WHILE:
case UNTIL:
if (word_top < MAX_COMPOUND_NEST)
word_top++;
word_lineno[word_top] = line_number;
break;
default:
break;
}
return word_top;
}
Shouldn't all the decrements of word_top be protected by:
if (word_top > 0) word_top--;
instead of:
if (word_top >= 0) word_top--;
Or is there something more complicated that I am missing here?
Collin
