Re: [bug-gawk] Function argument corruption in 4.2.0

[arnold]

Hi.

I'm not up to starting on this now, but another tool for exploration
would be to use the gawk debugger to see at what point in the awk
program the data becomes bad.

You can then add a call to stopme() right before it.  Then rerun with
gdb on gawk itself, set a breakoint in the C stopme() routine, and go
from there.

Andy, thanks for looking into this; it does have the scent of code
that you were involved with during development.

Arnold

"Andrew J. Schorr" <address@hidden> wrote:

> On Mon, Nov 13, 2017 at 01:03:12AM -0800, Eric Pruitt wrote:
> > On Sun, Nov 12, 2017 at 10:13:06PM -0500, Andrew J. Schorr wrote:
> > > Thanks for sharing this. Of course a simple bug report is easier to work 
> > > with,
> > > but sometimes that's not on the menu. :-) I am crazy busy, but will try 
> > > to find
> > > some time to investigate.
> > 
> > I actually discovered this bug implementing what was literally the very
> > last feature I had planned for the first version of mdlint, a project I
> > have been pecking at over the last two weeks. That contributes to the
> > difficulty of figuring out how to create an atomic test case. If there
> > was ever a time I wondered whether bugs were woven into code by the
> > Fates, it was then.
>
> OK. I patched mdlint like so:
>
> --- mdlint.orig       2017-11-13 14:20:55.217636390 -0500
> +++ mdlint    2017-11-13 14:07:05.675440959 -0500
> @@ -1269,7 +1269,7 @@ function lint(path,    command, n)
>      path = lint_init_path(path)
>  
>      ERRNO = ""
> -    command = sh_quote(CMARK, 1) " --sourcepos --to xml " sh_quote(path, 0)
> +    command = "cat cmark-output.xml"
>      while ((command | getline) == 1) {
>          xml_line($0)
>      }
>
> When I run with 4.1.4, it works OK:
>
> bash$ gawk -We mdlint test.in -v -r label_exists_for_destination
> 52: the URI "//#label_exists_for_destination" points to the same place as the 
> link reference labeled "label_exists_for_destination"
>
> Surprisingly, I get an assertion failure when I run your script using
> the gawk 4.2 stable branch:
>
> bash$ gawk -We mdlint test.in -v -r label_exists_for_destination
> gawk: field.c:350: purge_record: Assertion `(fields_arr[i]->flags & 0x0001) 
> == 0 ? fields_arr[i]->sub.val.sref == 1 : 1' failed.
> Abort (core dumped)
>
> I wonder why that doesn't happen to you...
> The valref value is 2 for a non-malloced field. This needs a closer look.
>
> I see the same assertion without the extra args:
>
> bash$ gawk -f mdlint < test.in
> gawk: field.c:352: purge_record: Assertion `(fields_arr[i]->flags & 0x0001) 
> == 0 ? fields_arr[i]->sub.val.sref == 1 : 1' failed.
> Abort (core dumped)
>
> I was able to shrink test.in down to small.in and still get the failure:
>
> gawk -f mdlint < small.in
> gawk: field.c:352: purge_record: Assertion `(fields_arr[i]->flags & 0x0001) 
> == 0 ? fields_arr[i]->sub.val.sref == 1 : 1' failed.
>
> I have attached the patched mdlint script, the cmark output file, and 
> small.in.
> If anybody has any insight, feel free to jump in. :-)
>
> Regards,
> Andy