From 8501f5f0126385c5c7fc58edd7a44dfd1c94ac6e Mon Sep 17 00:00:00 2001 Message-Id: <8501f5f0126385c5c7fc58edd7a44dfd1c94ac6e.1715852453.git.mdw@distorted.org.uk> From: Mark Wooding Date: Thu, 14 Nov 2019 19:46:53 +0000 Subject: [PATCH] math/pgen.c: Don't free the tester if it's not set up. Organization: Straylight/Edgeware From: Mark Wooding The problem flow is this: * The stepper reports a candidate (`p' is `P_STEP', and `proc' returns `PGEN_TRY'). * We decide to (a) report an event (set `A_EVENT' in `act'), and (b) initialize the tester (set `p = P_TEST', `proc = test', and `rq = PGEN_BEGIN'. * We call the event handler, but it returns `PGEN_ABORT'. We notice that `p == P_TEST', and set `A_ENDTEST'. * This causes us to call `test' with `PGEN_DONE'. Alas, the tester hasn't been initialized, because we haven't actually called it with `PGEN_BEGIN' yet. Result: segfault. We can notice this because `rq == PGEN_BEGIN': don't set `A_ENDTEST' if this is the case. --- math/pgen.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/math/pgen.c b/math/pgen.c index 9a822f57..84185e33 100644 --- a/math/pgen.c +++ b/math/pgen.c @@ -283,7 +283,7 @@ mp *pgen(const char *name, mp *d, mp *m, pgen_proc *event, void *ectx, rc = PGEN_ABORT; if (!(act & A_DONE)) { act |= A_ENDSTEP | A_DONE; - if (p == P_TEST) + if (p == P_TEST && rq != PGEN_BEGIN) act |= A_ENDTEST; } } -- [mdw]
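Review bot: The new condition `if (p == P_TEST && rq != PGEN_BEGIN)` in the abort branch uses `rq` as an implicit marker for "the tester has already been called with `PGEN_BEGIN`", and nothing at the site says so. A short comment above the `if` would help, stating that `rq == PGEN_BEGIN` means the tester has been selected but not yet initialized, so `A_ENDTEST` (and the `PGEN_DONE` call it triggers) must be skipped. Without it, a later change to when `rq` is assigned could quietly bring back the segfault described in the commit message. A regression test whose event handler returns `PGEN_ABORT` on the first reported candidate would pin the behaviour down. Since the hunk touches only this one place, it is also worth checking whether any other path sets `A_ENDTEST` on the strength of `p == P_TEST` alone.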