CVS commit: src

["Roland Illig" <rillig%netbsd.org@localhost>]

Module Name:    src
Committed By:   rillig
Date:           Sun Oct 31 23:15:44 UTC 2021

Modified Files:
        src/tests/usr.bin/xlint/lint1: msg_348.c msg_348.exp
        src/usr.bin/xlint/lint1: tree.c

Log Message:
lint: fix invalid memory access in array[enum] check

Lint checks whether in an expression 'array[enum]', the array size
matches the value of the maximum enum constant.

The previous tests for this check were missing the case where an enum
name was explicitly cast to an integer type and then used as an array
index. In this situation, the resulting type of the array index is a
plain 'int' without any information about its previous 'enum' history.

An entirely different case is when the 'enum' is implicitly converted to
an integer type, as in the test color_name_too_many. There, for the
final type of the array index, rn->tn_type->t_is_enum is true, which
means that rn->tn_type->t_enum is properly filled.

The bug was a simple typo, I had forgotten a tn_left indirection, which
is necessary to get the type before the implicit conversion.

Found and reported by Christos, triggered by src/lib/libperfuse/ops.c
1.89 line 1226 expression 'VTTOIF(vap->va_type)'.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/tests/usr.bin/xlint/lint1/msg_348.c \
    src/tests/usr.bin/xlint/lint1/msg_348.exp
cvs rdiff -u -r1.387 -r1.388 src/usr.bin/xlint/lint1/tree.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.