From b43345039b03ac5691961e1ce37dfb8c4c03a863 Mon Sep 17 00:00:00 2001 From: David Gibson Date: Mon, 4 Jan 2016 22:56:39 +1100 Subject: Fix some bugs in processing of line directives In order to work with preprocessed dts files more easily, dts will parse line number information in the form emitted by cpp. Anton Blanchard (using a fuzzer) reported that including a line number directive with a nul character (a literal nul in the input file, not a \0 sequence) would cause dtc to SEGV. I spotted several more problems on examining the code: * It modified yytext in place which seems to work, but is ugly and I'm not sure if it's safe on all lex/flex versions * The regexp used in the lexer to recognize line number information accepts strings with escape characters, but it won't process these escapes. - GNU cpp at least, will generate \ escapes in line number information, at least with files containing " or \ in the name This patch reworks the handling of line number information to address these problems. \ escapes should now be handled directly. nuls in file names (either with a literal nul in the input file, or with a \0 escape sequence) are still not permitted, but will now result in a lexical error rather than a SEGV. Reported-by: Anton Blanchard Signed-off-by: David Gibson --- tests/line_directives.dts | 5 +++++ tests/nul-in-line-info1.dts | Bin 0 -> 8 bytes tests/nul-in-line-info2.dts | 1 + tests/run_tests.sh | 2 ++ 4 files changed, 8 insertions(+) create mode 100644 tests/nul-in-line-info1.dts create mode 100644 tests/nul-in-line-info2.dts (limited to 'tests') diff --git a/tests/line_directives.dts b/tests/line_directives.dts index 046ef37..67b5e08 100644 --- a/tests/line_directives.dts +++ b/tests/line_directives.dts @@ -18,4 +18,9 @@ # 10 "qux.dts" 0x12345678 >; +/* + * Check processing of escapes in filenames + */ +# 100 "\".dts" +# 200 "\\.dts" }; 
diff --git a/tests/nul-in-line-info1.dts b/tests/nul-in-line-info1.dts new file mode 100644 index 0000000..ceb7261 Binary files /dev/null and b/tests/nul-in-line-info1.dts differ diff --git a/tests/nul-in-line-info2.dts b/tests/nul-in-line-info2.dts new file mode 100644 index 0000000..1157d23 --- /dev/null +++ b/tests/nul-in-line-info2.dts @@ -0,0 +1 @@ +# 0 "\0" diff --git a/tests/run_tests.sh b/tests/run_tests.sh index b40ba9c..8863c9a 100755 --- a/tests/run_tests.sh +++ b/tests/run_tests.sh @@ -293,6 +293,8 @@ libfdt_tests () { run_wrap_error_test $DTC division-by-zero.dts run_wrap_error_test $DTC bad-octal-literal.dts run_dtc_test -I dts -O dtb nul-in-escape.dts + run_wrap_error_test $DTC nul-in-line-info1.dts + run_wrap_error_test $DTC nul-in-line-info2.dts } dtc_tests () { -- cgit v1.2.3
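Review bot: in the tests/line_directives.dts hunk, the two added directives (`# 100 "\".dts"` and `# 200 "\\.dts"`) only show that the lexer accepts an escaped `"` and an escaped `\`; nothing here checks that the file name is recorded in its unescaped form. Since the commit message says the escapes are now processed rather than just matched, a companion case whose diagnostic output is compared against the expected file name and line number would pin that behaviour down. It would also be worth adding one escape form other than `\"` and `\\`.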
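Review bot: tests/nul-in-line-info1.dts appears only as `Binary files /dev/null and b/tests/nul-in-line-info1.dts differ`, with no binary patch data, so applying this patch from its text form will not create the file. Because run_tests.sh runs it under `run_wrap_error_test`, a missing input could still make dtc exit with an error and let the test pass without exercising the literal-nul path. Please regenerate the patch with binary content included (for example `git format-patch --binary`), or have the test script create the 8-byte file itself, for example with printf.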
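Review bot: tests/nul-in-line-info2.dts consists of the single line `# 0 "\0"`, and the run_tests.sh hunk registers both new files with `run_wrap_error_test`, so as far as these lines show, any non-crash failure satisfies the test. A file containing nothing but a line directive may be rejected for reasons unrelated to the nul, which would hide a regression in the new lexical error path. Consider making the rest of each file a valid tree source so that the nul in the line information is the only possible cause of the error, and adding a short comment above the two `run_wrap_error_test` lines saying that they guard against the SEGV described in the commit message.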