From: Mark Wooding
Date: Thu, 14 Nov 2019 19:46:53 +0000 (+0000)
Subject: math/pgen.c: Don't free the tester if it's not set up.
X-Git-Tag: 2.4.5~17
X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/commitdiff_plain/8501f5f0126385c5c7fc58edd7a44dfd1c94ac6e

math/pgen.c: Don't free the tester if it's not set up.

The problem flow is this:

  * The stepper reports a candidate (`p' is `P_STEP', and `proc' returns `PGEN_TRY').

  * We decide to (a) report an event (set `A_EVENT' in `act'), and (b) initialize the tester (set `p = P_TEST', `proc = test', and `rq = PGEN_BEGIN').

  * We call the event handler, but it returns `PGEN_ABORT'. We notice that `p == P_TEST', and set `A_ENDTEST'.

  * This causes us to call `test' with `PGEN_DONE'. Alas, the tester hasn't been initialized, because we haven't actually called it with `PGEN_BEGIN' yet. Result: segfault.

We can notice this because `rq == PGEN_BEGIN': don't set `A_ENDTEST' if this is the case.
---
diff --git a/math/pgen.c b/math/pgen.c index 9a822f57..84185e33 100644 --- a/math/pgen.c +++ b/math/pgen.c @@ -283,7 +283,7 @@ mp *pgen(const char *name, mp *d, mp *m, pgen_proc *event, void *ectx, rc = PGEN_ABORT; if (!(act & A_DONE)) { act |= A_ENDSTEP | A_DONE; - if (p == P_TEST) + if (p == P_TEST && rq != PGEN_BEGIN) act |= A_ENDTEST; } }
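
Review bot: the added `rq != PGEN_BEGIN` test on the `if (p == P_TEST ...)` line stands in for "the tester has actually been set up", but nothing in the code says so; the reasoning lives only in the commit message. A short comment above the condition, noting that `rq == PGEN_BEGIN` means `test` has not yet been called with `PGEN_BEGIN` and so must not be sent `PGEN_DONE`, would keep a later cleanup from dropping the check. Since the failure is a segfault reached when the event handler returns `PGEN_ABORT` just after a candidate is reported, a regression test with such a handler would be worth adding with this fix.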