From 9222e9713b5764396fb3a8d479acf263044f0f88 Mon Sep 17 00:00:00 2001 From: Alexandre Duret-Lutz Date: Thu, 23 Jun 2022 17:19:09 +0200 Subject: [PATCH] parseaut: fix handling of [ outside HOA Fixes #509. * spot/parseaut/scanaut.ll: Reset ->str whenever a [ is read, so that we do not attempt to clear ->str while reading garbage. * NEWS: Mention the bug. * tests/core/parseaut.test: Test it. --- NEWS | 4 ++++ spot/parseaut/scanaut.ll | 5 +++++ tests/core/parseaut.test | 10 ++++++++++ 3 files changed, 19 insertions(+) diff --git a/NEWS b/NEWS index a08fa6d10..d7f3f4923 100644 --- a/NEWS +++ b/NEWS @@ -124,6 +124,10 @@ New in spot 2.10.6.dev (not yet released) hide true state could produce some incorrect GraphViz output if the automaton as a true state as part of a universal group. + - Due to an optimization introduces in 2.10 to parse HOA label more + efficiently, the automaton parser could crash when parsing random + input (not HOA) containing '[' (issue #509). + New in spot 2.10.6 (2022-05-18) Bugs fixed: diff --git a/spot/parseaut/scanaut.ll b/spot/parseaut/scanaut.ll index 711c74c64..db8ae75c6 100644 --- a/spot/parseaut/scanaut.ll +++ b/spot/parseaut/scanaut.ll @@ -454,6 +454,11 @@ identifier [[:alpha:]_][[:alnum:]_.-]* } } +"[" { + yylval->str = nullptr; + return *yytext; + } + . return *yytext; %{ diff --git a/tests/core/parseaut.test b/tests/core/parseaut.test index 6501bee02..56f2d54eb 100755 --- a/tests/core/parseaut.test +++ b/tests/core/parseaut.test @@ -2961,3 +2961,13 @@ EOF # At some point, this crashed with # input buffer overflow, can't enlarge buffer because scanner uses REJECT run 0 autfilt -q bigaut + + +# This issued to segfault, because the parser assumed a '[' token was +# always attached to a string, while that was only true in HOA mode. +cat >input <
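Review bot: the added NEWS entry has two wording slips: "an optimization introduces in 2.10" should be "introduced", and "to parse HOA label more efficiently" should be "HOA labels". The rest of the entry is clear and already names issue #509.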
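Review bot: the new "[" rule in spot/parseaut/scanaut.ll carries no comment explaining why yylval->str is reset, and it only takes effect because it sits before the catch-all ". return *yytext;" rule: both match a single character, and flex picks the rule listed first. Suggest a short comment above the rule restating the reason given in the commit message (outside HOA mode a '[' token has no string attached, so ->str must be null before anything attempts to clear it) and noting that the rule has to stay ahead of the "." rule, so a later reordering does not silently bring the crash back.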
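Review bot: the comment added above the new test in tests/core/parseaut.test reads "This issued to segfault", which should be "This used to segfault". It would also help to mention issue #509 in that comment, as the NEWS entry does, so the regression test can be traced back to the report.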