Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756483AbbGTXxS (ORCPT <rfc822;w@1wt.eu>);
	Mon, 20 Jul 2015 19:53:18 -0400
Received: from smtp.gentoo.org ([140.211.166.183]:33214 "EHLO smtp.gentoo.org"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1754001AbbGTXxR (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Mon, 20 Jul 2015 19:53:17 -0400
From: Richard Yao <ryao@gentoo.org>
To: linux-kernel@vger.kernel.org
Cc: Richard Yao <richard.yao@clusterhq.com>,
        Madhuri Yechuri <madhuriyechuri@clusterhq.com>
Subject: [PATCH] genksyms: Duplicate function pointer type definitions segfault
Date: Mon, 20 Jul 2015 19:52:48 -0400
Message-Id: <1437436369-46257-1-git-send-email-ryao@gentoo.org>
X-Mailer: git-send-email 2.3.6
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2457
Lines: 64

From: Richard Yao <richard.yao@clusterhq.com>

I noticed that genksyms will segfault when it sees duplicate function
pointer type declaration when I placed the same function pointer
definition in two separate headers in a local branch as an intermediate
step of some refactoring. This can be reproduced by piping the following
minimal test case into `genksyms -r /dev/null` or alternatively, putting
it into a C file attempting a build:

int (*f)();
int (*f)();

Attaching gdb to genksyms to understand this failure is useless without
changing CFLAGS to emit debuginfo. Once you have debuginfo, you will
find that the failure is that `char *s` was NULL and the program
executed `while(*s)`. At which point, further debugging requires
familiarity with compiler front end / parser development.

What happens is that flex identifies the first instance of the token "f"
as IDENT and the yacc parser adds it to the symbol table. On the second
instance, flex will identify "f" as TYPE, which triggers an error case
in the yacc parser. Given that TYPE would have been IDENT had it not
been in the symbol table, the the segmentaion fault could be avoided by
treating TYPE as IDENT in the affected rule.

Some might consider placing identical function pointer type declarations
in different headers to be poor style might consider a failure to be
beneficial. However, failing through a segmentation fault makes the
cause non-obvious and can waste the time of anyone who encounters it.

Signed-off-by: Richard Yao <richard.yao@clusterhq.com>
Acked-by: Madhuri Yechuri <madhuriyechuri@clusterhq.com>
---
 scripts/genksyms/parse.y | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/scripts/genksyms/parse.y b/scripts/genksyms/parse.y
index b9f4cf2..723ab30 100644
--- a/scripts/genksyms/parse.y
+++ b/scripts/genksyms/parse.y
@@ -303,6 +303,15 @@ direct_declarator:
 		    $$ = $1;
 		  }
 		}
+	| TYPE
+		{ if (current_name != NULL) {
+		    error_with_pos("unexpected second declaration name");
+		    YYERROR;
+		  } else {
+		    current_name = (*$1)->string;
+		    $$ = $1;
+		  }
+		}
 	| direct_declarator '(' parameter_declaration_clause ')'
 		{ $$ = $4; }
 	| direct_declarator '(' error ')'
-- 
2.3.6

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/