Fix a segfault that occurred on AEL parsing on amd64 systems, e.g.
Backported from upstream's r162013.
Upstream bug: http://bugs.digium.com/view.php?id=14019
-- Faidon Liambotis <paravoid@debian.org>
13
--- a/pbx/ael/ael.flex
14
+++ b/pbx/ael/ael.flex
15
@@ -238,7 +238,8 @@ includes { STORE_POS; return KW_INCLUDES
17
[-a-zA-Z0-9'"_/.\<\>\*\+!$#\[\]][-a-zA-Z0-9'"_/.!\*\+\<\>\{\}$#\[\]]* {
19
- yylval->str = strdup(yytext);
20
+ yylval->str = ast_malloc(yyleng+1);
21
+ ast_copy_string(yylval->str, yytext, yyleng+1);
22
prev_word = yylval->str;
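Review bot: The result of `ast_malloc(yyleng+1)` is passed straight to `ast_copy_string()` with no NULL check, so an allocation failure while lexing a large or hostile AEL file would become a NULL write in the scanner instead of a reported parse error. The same pair of lines is added in every other `ast_malloc` hunk of ael.flex, and the regenerated ael_lex.c inherits it. A minimal guard would be `if (yylval->str) ast_copy_string(yylval->str, yytext, yyleng+1);`, with the rule then deciding how to fail; here `prev_word` would also have to tolerate NULL. The rule's action continues outside this hunk, so any existing handling further down is not visible.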
25
@@ -257,7 +258,8 @@ includes { STORE_POS; return KW_INCLUDES
27
ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched ')' in expression: %s !\n", my_file, my_lineno, my_col, yytext);
29
- yylval->str = strdup(yytext);
30
+ yylval->str = ast_malloc(yyleng+1);
31
+ ast_copy_string(yylval->str, yytext, yyleng+1);
35
@@ -266,8 +268,8 @@ includes { STORE_POS; return KW_INCLUDES
39
- yylval->str = strdup(yytext);
40
- yylval->str[yyleng-1] = '\0'; /* trim trailing ')' */
41
+ yylval->str = ast_malloc(yyleng);
42
+ ast_copy_string(yylval->str, yytext, yyleng);
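Review bot: The removed `/* trim trailing ')' */` comment was the only explanation of the trim, and the new lines drop the last character only implicitly, by passing `yyleng` rather than `yyleng+1` as the size. A reader comparing this with the `yyleng+1` hunks could easily take it for an off-by-one and "fix" it. I would restore the intent on the copy line, e.g. `ast_copy_string(yylval->str, yytext, yyleng); /* size yyleng copies yyleng-1 chars: drops the trailing ')' */`. The three later ael.flex hunks that allocate `yyleng` bytes need the same comment, naming the character each one drops.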
46
@@ -289,7 +291,8 @@ includes { STORE_POS; return KW_INCLUDES
47
ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n",
48
my_file, my_lineno, my_col, c);
50
- yylval->str = strdup(yytext);
51
+ yylval->str = ast_malloc(yyleng+1);
52
+ ast_copy_string(yylval->str, yytext, yyleng+1);
56
@@ -317,7 +320,8 @@ includes { STORE_POS; return KW_INCLUDES
58
ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched ')' in expression!\n", my_file, my_lineno, my_col);
60
- yylval->str = strdup(yytext);
61
+ yylval->str = ast_malloc(yyleng+1);
62
+ ast_copy_string(yylval->str, yytext, yyleng+1);
66
@@ -329,8 +333,8 @@ includes { STORE_POS; return KW_INCLUDES
68
if ( !strcmp(yytext, ")") )
70
- yylval->str = strdup(yytext);
71
- yylval->str[yyleng-1] = '\0'; /* trim trailing ')' */
72
+ yylval->str = ast_malloc(yyleng);
73
+ ast_copy_string(yylval->str, yytext, yyleng);
77
@@ -343,8 +347,8 @@ includes { STORE_POS; return KW_INCLUDES
79
if( !strcmp(yytext,"," ) )
81
- yylval->str = strdup(yytext);
82
- yylval->str[yyleng-1] = '\0';
83
+ yylval->str = ast_malloc(yyleng);
84
+ ast_copy_string(yylval->str, yytext, yyleng);
88
@@ -356,7 +360,8 @@ includes { STORE_POS; return KW_INCLUDES
90
ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c);
92
- yylval->str = strdup(yytext);
93
+ yylval->str = ast_malloc(yyleng+1);
94
+ ast_copy_string(yylval->str, yytext, yyleng+1);
98
@@ -379,7 +384,8 @@ includes { STORE_POS; return KW_INCLUDES
100
ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c);
102
- yylval->str = strdup(yytext);
103
+ yylval->str = ast_malloc(yyleng+1);
104
+ ast_copy_string(yylval->str, yytext, yyleng+1);
108
@@ -387,8 +393,8 @@ includes { STORE_POS; return KW_INCLUDES
112
- yylval->str = strdup(yytext);
113
- yylval->str[yyleng-1] = '\0';
114
+ yylval->str = ast_malloc(yyleng);
115
+ ast_copy_string(yylval->str, yytext, yyleng);
121
@@ -710,7 +710,7 @@ static int extension_matches(pval *here,
124
/* simple case, they match exactly, the pattern and exten name */
125
- if( !strcmp(pattern,exten) == 0 )
126
+ if( strcmp(pattern,exten) == 0 )
129
if ( pattern[0] == '_' ) {
130
@@ -2959,7 +2959,7 @@ static void gen_prios(struct ael_extensi
131
pr->type = AEL_APPCALL;
132
p->u2.goto_target = get_goto_target(p);
133
if( p->u2.goto_target ) {
134
- p->u3.goto_target_in_case = p->u2.goto_target->u2.label_in_case = label_inside_case(p->u2.goto_target);
135
+ p->u3.goto_target_in_case = label_inside_case(p->u2.goto_target);
138
if (!p->u1.list->next) /* just one */ {
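Review bot: Nothing at the call site records why the chained store through `p->u2.goto_target->u2.label_in_case` was dropped, and the old form reads like a harmless cache, so it is likely to be reintroduced. A one-line comment above the assignment would help, e.g. `/* record the result on this node only; do not write into the target's u2 */`. If the reason is that `u2` on the target node holds other data, which this hunk does not show, the comment should say so explicitly. gen_prios starts and ends outside the hunk.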
139
--- a/pbx/ael/ael_lex.c
140
+++ b/pbx/ael/ael_lex.c
143
#define YY_FLEX_MAJOR_VERSION 2
144
#define YY_FLEX_MINOR_VERSION 5
145
-#define YY_FLEX_SUBMINOR_VERSION 33
146
+#define YY_FLEX_SUBMINOR_VERSION 35
147
#if YY_FLEX_SUBMINOR_VERSION > 0
152
/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
154
-#if !defined __STDC_VERSION__ || __STDC_VERSION__ >= 199901L
155
+#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
157
/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h,
158
* if you want the limit (max/min) macros for int types.
159
@@ -55,7 +55,6 @@ typedef int flex_int32_t;
160
typedef unsigned char flex_uint8_t;
161
typedef unsigned short int flex_uint16_t;
162
typedef unsigned int flex_uint32_t;
165
/* Limits of integral types. */
167
@@ -86,6 +85,8 @@ typedef unsigned int flex_uint32_t;
168
#define UINT32_MAX (4294967295U)
173
#endif /* ! FLEXINT_H */
176
@@ -95,11 +96,12 @@ typedef unsigned int flex_uint32_t;
178
#else /* ! __cplusplus */
181
+/* C99 requires __STDC__ to be defined as 1. */
182
+#if defined (__STDC__)
186
-#endif /* __STDC__ */
187
+#endif /* defined (__STDC__) */
188
#endif /* ! __cplusplus */
191
@@ -135,8 +137,6 @@ typedef void* yyscan_t;
192
#define yycolumn (YY_CURRENT_BUFFER_LVALUE->yy_bs_column)
193
#define yy_flex_debug yyg->yy_flex_debug_r
195
-int ael_yylex_init (yyscan_t* scanner);
197
/* Enter a start condition. This macro really ought to take a parameter,
198
* but we do it the disgusting crufty way forced on us by the ()-less
199
* definition of BEGIN.
200
@@ -194,14 +194,9 @@ typedef struct yy_buffer_state *YY_BUFFE
202
#define unput(c) yyunput( c, yyg->yytext_ptr , yyscanner )
204
-/* The following is because we cannot portably get our hands on size_t
205
- * (without autoconf's help, which isn't available because we want
206
- * flex-generated scanners to compile on their own).
209
#ifndef YY_TYPEDEF_YY_SIZE_T
210
#define YY_TYPEDEF_YY_SIZE_T
211
-typedef unsigned int yy_size_t;
212
+typedef size_t yy_size_t;
215
#ifndef YY_STRUCT_YY_BUFFER_STATE
216
@@ -905,7 +900,7 @@ static void pbcwhere(const char *text, i
220
-#line 908 "ael_lex.c"
221
+#line 903 "ael_lex.c"
225
@@ -971,6 +966,10 @@ static int yy_init_globals (yyscan_t yys
227
# define yylloc yyg->yylloc_r
229
+int ael_yylex_init (yyscan_t* scanner);
231
+int ael_yylex_init_extra (YY_EXTRA_TYPE user_defined,yyscan_t* scanner);
233
/* Accessor methods to globals.
234
These are made visible to non-reentrant scanners for convenience. */
236
@@ -1042,7 +1041,12 @@ static int input (yyscan_t yyscanner );
238
/* Amount of stuff to slurp up with each read. */
239
#ifndef YY_READ_BUF_SIZE
241
+/* On IA-64, the buffer size is 16k, not 8k */
242
+#define YY_READ_BUF_SIZE 16384
244
#define YY_READ_BUF_SIZE 8192
245
+#endif /* __ia64__ */
248
/* Copy whatever the last rule matched to the standard output. */
249
@@ -1050,7 +1054,7 @@ static int input (yyscan_t yyscanner );
250
/* This used to be an fputs(), but since the string might contain NUL's,
251
* we now use fwrite().
253
-#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
254
+#define ECHO do { if (fwrite( yytext, yyleng, 1, yyout )) {} } while (0)
257
/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL,
258
@@ -1115,9 +1119,11 @@ static int input (yyscan_t yyscanner );
260
#define YY_DECL_IS_OURS 1
262
-extern int ael_yylex (YYSTYPE * yylval_param,YYLTYPE * yylloc_param ,yyscan_t yyscanner);
263
+extern int ael_yylex \
264
+ (YYSTYPE * yylval_param,YYLTYPE * yylloc_param ,yyscan_t yyscanner);
266
-#define YY_DECL int ael_yylex (YYSTYPE * yylval_param, YYLTYPE * yylloc_param , yyscan_t yyscanner)
267
+#define YY_DECL int ael_yylex \
268
+ (YYSTYPE * yylval_param, YYLTYPE * yylloc_param , yyscan_t yyscanner)
269
#endif /* !YY_DECL */
271
/* Code executed at the beginning of each rule, after yytext and yyleng
272
@@ -1147,7 +1153,7 @@ YY_DECL
276
-#line 1150 "ael_lex.c"
277
+#line 1156 "ael_lex.c"
279
yylval = yylval_param;
281
@@ -1489,7 +1495,8 @@ YY_RULE_SETUP
285
- yylval->str = strdup(yytext);
286
+ yylval->str = ast_malloc(yyleng+1);
287
+ ast_copy_string(yylval->str, yytext, yyleng+1);
288
prev_word = yylval->str;
291
@@ -1504,13 +1511,14 @@ YY_RULE_SETUP
293
/* rule 51 can match eol */
295
-#line 255 "ael.flex"
296
+#line 256 "ael.flex"
298
if ( pbcpop(')') ) { /* error */
300
ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched ')' in expression: %s !\n", my_file, my_lineno, my_col, yytext);
302
- yylval->str = strdup(yytext);
303
+ yylval->str = ast_malloc(yyleng+1);
304
+ ast_copy_string(yylval->str, yytext, yyleng+1);
308
@@ -1519,8 +1527,8 @@ YY_RULE_SETUP
312
- yylval->str = strdup(yytext);
313
- yylval->str[yyleng-1] = '\0'; /* trim trailing ')' */
314
+ yylval->str = ast_malloc(yyleng);
315
+ ast_copy_string(yylval->str, yytext, yyleng);
319
@@ -1530,7 +1538,7 @@ YY_RULE_SETUP
321
/* rule 52 can match eol */
323
-#line 277 "ael.flex"
324
+#line 279 "ael.flex"
326
char c = yytext[yyleng-1];
328
@@ -1542,7 +1550,7 @@ YY_RULE_SETUP
330
/* rule 53 can match eol */
332
-#line 285 "ael.flex"
333
+#line 287 "ael.flex"
335
char c = yytext[yyleng-1];
336
if ( pbcpop(c)) { /* error */
337
@@ -1550,7 +1558,8 @@ YY_RULE_SETUP
338
ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n",
339
my_file, my_lineno, my_col, c);
341
- yylval->str = strdup(yytext);
342
+ yylval->str = ast_malloc(yyleng+1);
343
+ ast_copy_string(yylval->str, yytext, yyleng+1);
347
@@ -1567,7 +1576,7 @@ YY_RULE_SETUP
349
/* rule 54 can match eol */
351
-#line 307 "ael.flex"
352
+#line 310 "ael.flex"
354
char c = yytext[yyleng-1];
356
@@ -1579,13 +1588,14 @@ YY_RULE_SETUP
358
/* rule 55 can match eol */
360
-#line 315 "ael.flex"
361
+#line 318 "ael.flex"
363
if ( pbcpop(')') ) { /* error */
365
ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched ')' in expression!\n", my_file, my_lineno, my_col);
367
- yylval->str = strdup(yytext);
368
+ yylval->str = ast_malloc(yyleng+1);
369
+ ast_copy_string(yylval->str, yytext, yyleng+1);
373
@@ -1597,8 +1607,8 @@ YY_RULE_SETUP
375
if ( !strcmp(yytext, ")") )
377
- yylval->str = strdup(yytext);
378
- yylval->str[yyleng-1] = '\0'; /* trim trailing ')' */
379
+ yylval->str = ast_malloc(yyleng);
380
+ ast_copy_string(yylval->str, yytext, yyleng);
384
@@ -1607,7 +1617,7 @@ YY_RULE_SETUP
386
/* rule 56 can match eol */
388
-#line 339 "ael.flex"
389
+#line 343 "ael.flex"
391
if( parencount != 0) { /* printf("Folding in a comma!\n"); */
393
@@ -1615,8 +1625,8 @@ YY_RULE_SETUP
395
if( !strcmp(yytext,"," ) )
397
- yylval->str = strdup(yytext);
398
- yylval->str[yyleng-1] = '\0';
399
+ yylval->str = ast_malloc(yyleng);
400
+ ast_copy_string(yylval->str, yytext, yyleng);
404
@@ -1625,14 +1635,15 @@ YY_RULE_SETUP
406
/* rule 57 can match eol */
408
-#line 353 "ael.flex"
409
+#line 357 "ael.flex"
411
char c = yytext[yyleng-1];
412
if ( pbcpop(c) ) { /* error */
414
ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c);
416
- yylval->str = strdup(yytext);
417
+ yylval->str = ast_malloc(yyleng+1);
418
+ ast_copy_string(yylval->str, yytext, yyleng+1);
422
@@ -1646,7 +1657,7 @@ YY_RULE_SETUP
424
/* rule 58 can match eol */
426
-#line 370 "ael.flex"
427
+#line 375 "ael.flex"
429
char c = yytext[yyleng-1];
431
@@ -1656,14 +1667,15 @@ YY_RULE_SETUP
433
/* rule 59 can match eol */
435
-#line 376 "ael.flex"
436
+#line 381 "ael.flex"
438
char c = yytext[yyleng-1];
439
if ( pbcpop(c) ) { /* error */
441
ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c);
443
- yylval->str = strdup(yytext);
444
+ yylval->str = ast_malloc(yyleng+1);
445
+ ast_copy_string(yylval->str, yytext, yyleng+1);
449
@@ -1672,11 +1684,11 @@ YY_RULE_SETUP
451
/* rule 60 can match eol */
453
-#line 388 "ael.flex"
454
+#line 394 "ael.flex"
457
- yylval->str = strdup(yytext);
458
- yylval->str[yyleng-1] = '\0';
459
+ yylval->str = ast_malloc(yyleng);
460
+ ast_copy_string(yylval->str, yytext, yyleng);
464
@@ -1685,7 +1697,7 @@ YY_RULE_SETUP
466
/* rule 61 can match eol */
468
-#line 397 "ael.flex"
469
+#line 403 "ael.flex"
471
char fnamebuf[1024],*p1,*p2;
473
@@ -1731,7 +1743,7 @@ case YY_STATE_EOF(paren):
474
case YY_STATE_EOF(semic):
475
case YY_STATE_EOF(argg):
476
case YY_STATE_EOF(comment):
477
-#line 438 "ael.flex"
478
+#line 444 "ael.flex"
481
if (include_stack_index > 0 && include_stack[include_stack_index-1].globbuf_pos < include_stack[include_stack_index-1].globbuf.gl_pathc-1) {
482
@@ -1766,10 +1778,10 @@ case YY_STATE_EOF(comment):
486
-#line 470 "ael.flex"
487
+#line 476 "ael.flex"
490
-#line 1772 "ael_lex.c"
491
+#line 1784 "ael_lex.c"
493
case YY_END_OF_BUFFER:
495
@@ -2000,7 +2012,7 @@ static int yy_get_next_buffer (yyscan_t
497
/* Read in more data. */
498
YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
499
- yyg->yy_n_chars, num_to_read );
500
+ yyg->yy_n_chars, (size_t) num_to_read );
502
YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars;
504
@@ -2024,6 +2036,14 @@ static int yy_get_next_buffer (yyscan_t
506
ret_val = EOB_ACT_CONTINUE_SCAN;
508
+ if ((yy_size_t) (yyg->yy_n_chars + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) {
509
+ /* Extend the array by 50%, plus the number we really need. */
510
+ yy_size_t new_size = yyg->yy_n_chars + number_to_move + (yyg->yy_n_chars >> 1);
511
+ YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) ael_yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ,yyscanner );
512
+ if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
513
+ YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" );
516
yyg->yy_n_chars += number_to_move;
517
YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars] = YY_END_OF_BUFFER_CHAR;
518
YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR;
519
@@ -2452,7 +2472,9 @@ static void ael_yyensure_buffer_stack (y
520
yyg->yy_buffer_stack = (struct yy_buffer_state**)ael_yyalloc
521
(num_to_alloc * sizeof(struct yy_buffer_state*)
524
+ if ( ! yyg->yy_buffer_stack )
525
+ YY_FATAL_ERROR( "out of dynamic memory in ael_yyensure_buffer_stack()" );
527
memset(yyg->yy_buffer_stack, 0, num_to_alloc * sizeof(struct yy_buffer_state*));
529
yyg->yy_buffer_stack_max = num_to_alloc;
530
@@ -2470,6 +2492,8 @@ static void ael_yyensure_buffer_stack (y
531
(yyg->yy_buffer_stack,
532
num_to_alloc * sizeof(struct yy_buffer_state*)
534
+ if ( ! yyg->yy_buffer_stack )
535
+ YY_FATAL_ERROR( "out of dynamic memory in ael_yyensure_buffer_stack()" );
537
/* zero only the new slots.*/
538
memset(yyg->yy_buffer_stack + yyg->yy_buffer_stack_max, 0, grow_size * sizeof(struct yy_buffer_state*));
539
@@ -2514,7 +2538,7 @@ YY_BUFFER_STATE ael_yy_scan_buffer (cha
541
/** Setup the input buffer state to scan a string. The next call to ael_yylex() will
542
* scan from a @e copy of @a str.
543
- * @param str a NUL-terminated string to scan
544
+ * @param yystr a NUL-terminated string to scan
545
* @param yyscanner The scanner object.
546
* @return the newly allocated buffer state object.
547
* @note If you want to scan bytes that may contain NUL values, then use
548
@@ -2528,8 +2552,8 @@ YY_BUFFER_STATE ael_yy_scan_string (yyco
550
/** Setup the input buffer state to scan the given bytes. The next call to ael_yylex() will
551
* scan from a @e copy of @a bytes.
552
- * @param bytes the byte buffer to scan
553
- * @param len the number of bytes in the buffer pointed to by @a bytes.
554
+ * @param yybytes the byte buffer to scan
555
+ * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes.
556
* @param yyscanner The scanner object.
557
* @return the newly allocated buffer state object.
559
@@ -2788,6 +2812,42 @@ int ael_yylex_init(yyscan_t* ptr_yy_glob
560
return yy_init_globals ( *ptr_yy_globals );
563
+/* ael_yylex_init_extra has the same functionality as ael_yylex_init, but follows the
564
+ * convention of taking the scanner as the last argument. Note however, that
565
+ * this is a *pointer* to a scanner, as it will be allocated by this call (and
566
+ * is the reason, too, why this function also must handle its own declaration).
567
+ * The user defined value in the first argument will be available to ael_yyalloc in
568
+ * the yyextra field.
571
+int ael_yylex_init_extra(YY_EXTRA_TYPE yy_user_defined,yyscan_t* ptr_yy_globals )
574
+ struct yyguts_t dummy_yyguts;
576
+ ael_yyset_extra (yy_user_defined, &dummy_yyguts);
578
+ if (ptr_yy_globals == NULL){
583
+ *ptr_yy_globals = (yyscan_t) ael_yyalloc ( sizeof( struct yyguts_t ), &dummy_yyguts );
585
+ if (*ptr_yy_globals == NULL){
590
+ /* By setting to 0xAA, we expose bugs in
591
+ yy_init_globals. Leave at 0x00 for releases. */
592
+ memset(*ptr_yy_globals,0x00,sizeof(struct yyguts_t));
594
+ ael_yyset_extra (yy_user_defined, *ptr_yy_globals);
596
+ return yy_init_globals ( *ptr_yy_globals );
599
static int yy_init_globals (yyscan_t yyscanner)
601
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
602
@@ -2894,7 +2954,7 @@ void *ael_yyrealloc (void * ptr, yy_siz
604
#define YYTABLES_NAME "yytables"
606
-#line 470 "ael.flex"
607
+#line 476 "ael.flex"