spurious crash: MIFgettok deliveres strings that cannot be freed:

MS Windows, VS or MSYS2/MINGW/GCC, shared ngspice, single character token at end of line, compiled with optimization, not in debug mode. Preliminary fix: TMALLOC another byte to token. Origin of bug still unknown: Source code error? MS library error? Re-write of MIFgettok does not show this error (so far...).
2018-09-16 16:12:31 +02:00 · 2018-09-16 16:12:31 +02:00 · 5f0b2f344e
parent 92b69cbc55
commit 5f0b2f344e
1 changed files with 84 additions and 2 deletions
--- a/src/xspice/mif/mifutil.c
+++ b/src/xspice/mif/mifutil.c
@ -66,6 +66,87 @@ MIFgettok treats ( and ) like whitespace.

 */

+char  *MIFgettok(char **s)
+{
+
+    char    *ret_str;   /* storage for returned string */
+    char *end;
+    char *beg;
+
+    /* skip over white spaces, '=', '(', ')', and ',' up to next token */
+    while (isspace_c(**s) || (**s == '=') ||
+        (**s == '(') || (**s == ')') || (**s == ','))
+        (*s)++;
+
+    /* isolate the next token */
+
+    switch (**s) {
+
+    case '\0':
+        return(NULL);
+
+    case '<':
+    case '>':
+    case '[':
+    case ']':
+    case '~':
+    case '%':
+        beg = *s;
+        (*s)++;
+        ret_str = copy_substring(beg, *s);
+
+        /* skip over white spaces, '=', '(', ')', and ',' up to next token */
+        while (isspace_c(**s) || (**s == '=') ||
+            (**s == '(') || (**s == ')') || (**s == ','))
+            (*s)++;
+
+        return ret_str;
+        break;
+
+    default:
+        /* if first character is a quote, read until the closing */
+        /* quote, or the end of string, discarding the quotes */
+        if (**s == '"') {
+            (*s)++;
+            ret_str = gettok_char(s, '"', FALSE, FALSE);
+
+            if (**s == '"')
+                (*s)++;
+
+            /* skip over white spaces, '=', '(', ')', and ',' up to next token */
+            while (isspace_c(**s) || (**s == '=') ||
+                (**s == '(') || (**s == ')') || (**s == ','))
+                (*s)++;
+
+            return ret_str;
+        }
+        /* else, read until the next delimiter */
+        else {
+            beg = *s;
+            while ((**s != '\0') &&
+                (!(isspace_c(**s) || (**s == '=') || (**s == '%') ||
+                (**s == '(') || (**s == ')') || (**s == ',') ||
+                    (**s == '[') || (**s == ']') ||
+                    (**s == '<') || (**s == '>') || (**s == '~')
+                    ))) {
+                (*s)++;
+            }
+            end = *s;
+
+            /* skip over white spaces, '=', '(', ')', and ',' up to next token */
+            while (isspace_c(**s) || (**s == '=') ||
+                (**s == '(') || (**s == ')') || (**s == ','))
+                (*s)++;
+
+            return (copy_substring(beg, end));
+        }
+        break;
+    }
+    return NULL; /* should not happen */
+}
+
+#if 0
+/* preliminary fix */
 char  *MIFgettok(char **s)
 {

@ -76,7 +157,8 @@ char  *MIFgettok(char **s)

    /* allocate space big enough for the whole string */

-    buf = TMALLOC(char, strlen(*s) + 1);
+    buf = TMALLOC(char, strlen(*s) + 2);
+    /* FIXME, not yet understood why +1 leads to spurious crash in tfree, if optimized code for Windows*/

    /* skip over any white space */

@ -148,7 +230,7 @@ char  *MIFgettok(char **s)

    return(ret_str);
 }
-
+#endif