Re: [9fans] Lock loop in malloc()

9fans - fans of the OS Plan 9 from Bell Labs
 help / color / mirror / Atom feed

From: erik quanstrom <quanstro@quanstro.net>
To: lucio@proxima.alt.za, 9fans@9fans.net
Subject: Re: [9fans] Lock loop in malloc()
Date: Mon, 25 Jul 2011 21:38:21 -0400	[thread overview]
Message-ID: <06a4578109cd8813eadd11616fb8d290@ladd.quanstro.net> (raw)
In-Reply-To: <20110725135837.GC27739@fangle.proxima.alt.za>

well, this was a fun little bug.  i downloaded bison and within a few
minutes i'd narrowed the problem down to lib/c-ctype.h.  and
it only took another minute to isolate this as the problem statement.

#if (' ' == 32) && ('!' == 33) && ('"' == 34) && ('#' == 35) \
    && ('%' == 37) && ('&' == 38) && ('\'' == 39) && ('(' == 40) \
    && (')' == 41) && ('*' == 42) && ('+' == 43) && (',' == 44) \
    && ('-' == 45) && ('.' == 46) && ('/' == 47) && ('0' == 48) \
    && ('1' == 49) && ('2' == 50) && ('3' == 51) && ('4' == 52) \
    && ('5' == 53) && ('6' == 54) && ('7' == 55) && ('8' == 56) \
    && ('9' == 57) && (':' == 58) && (';' == 59) && ('<' == 60) \
    && ('=' == 61) && ('>' == 62) && ('?' == 63) && ('A' == 65) \
    && ('B' == 66) && ('C' == 67) && ('D' == 68) && ('E' == 69) \
    && ('F' == 70) && ('G' == 71) && ('H' == 72) && ('I' == 73) \
    && ('J' == 74) && ('K' == 75) && ('L' == 76) && ('M' == 77) \
    && ('N' == 78) && ('O' == 79) && ('P' == 80) && ('Q' == 81) \
    && ('R' == 82) && ('S' == 83) && ('T' == 84) && ('U' == 85) \
    && ('V' == 86) && ('W' == 87) && ('X' == 88) && ('Y' == 89) \
    && ('Z' == 90) && ('[' == 91) && ('\\' == 92) && (']' == 93) \
    && ('^' == 94) && ('_' == 95) && ('a' == 97) && ('b' == 98) \
    && ('c' == 99) && ('d' == 100) && ('e' == 101) && ('f' == 102) \
    && ('g' == 103) && ('h' == 104) && ('i' == 105) && ('j' == 106) \
    && ('k' == 107) && ('l' == 108) && ('m' == 109) && ('n' == 110) \
    && ('o' == 111) && ('p' == 112) && ('q' == 113) && ('r' == 114) \
    && ('s' == 115) && ('t' == 116) && ('u' == 117) && ('v' == 118) \
    && ('w' == 119) && ('x' == 120) && ('y' == 121) && ('z' == 122) \
    && ('{' == 123) && ('|' == 124) && ('}' == 125) && ('~' == 126)
/* The character set is ASCII or one of its variants or extensions, not EBCDIC.
   Testing the value of '\n' and '\r' is not relevant.  */
#define C_CTYPE_ASCII 1
#endif

from there, the problem was pretty easy to spot NSTAK was too small,
and unguarded.  the funny  "+ 1" is to allow for a few operators that
can add 2 to the stack in one trip through the loop.

; diffy -c eval.c
/n/dump/2011/0725/sys/src/cmd/cpp/eval.c:2,8 - eval.c:2,8
  #include <libc.h>
  #include "cpp.h"

- #define	NSTAK	32
+ #define	NSTAK	1024
  #define	SGN	0
  #define	UNS	1
  #define	UND	2
/n/dump/2011/0725/sys/src/cmd/cpp/eval.c:92,99 - eval.c:92,99

  int	evalop(struct pri);
  struct	value tokval(Token *);
- struct value vals[NSTAK], *vp;
- enum toktype ops[NSTAK], *op;
+ struct value vals[NSTAK + 1], *vp;
+ enum toktype ops[NSTAK + 1], *op;

  /*
   * Evaluate an #if #elif #ifdef #ifndef line.  trp->tp points to the keyword.
/n/dump/2011/0725/sys/src/cmd/cpp/eval.c:122,127 - eval.c:122,129
  	op = ops;
  	*op++ = END;
  	for (rand=0, tp = trp->bp+ntok; tp < trp->lp; tp++) {
+ 		if(op >= ops + NSTAK)
+ 			sysfatal("cpp: can't evalute #if: increase NSTAK");
  		switch(tp->type) {
  		case WS:
  		case NL:

- erik

next prev parent reply	other threads:[~2011-07-26  1:38 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-07-25 13:58 Lucio De Re
2011-07-25 14:40 ` erik quanstrom
2011-07-25 14:42 ` Russ Cox
2011-07-25 15:17   ` Lucio De Re
2011-07-25 16:12     ` Russ Cox
2011-07-25 17:51     ` erik quanstrom
2011-07-25 19:31       ` Russ Cox
2011-07-26  1:38 ` erik quanstrom [this message]
2011-07-26  1:41   ` erik quanstrom
2011-07-26  1:56   ` Russ Cox
     [not found]   ` <CADSkJJUmVYNdy_sUqqM34xdXD9CiWyUUEr89uxouAJ0ydVLpHQ@mail.gmail.c>
2011-07-26  4:01     ` erik quanstrom

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=06a4578109cd8813eadd11616fb8d290@ladd.quanstro.net \
    --to=quanstro@quanstro.net \
    --cc=9fans@9fans.net \
    --cc=lucio@proxima.alt.za \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).