When TEMPORARY is in effect, proc_commit() destroys the temporary
dictionary, and with it the variables that belong to that dictionary.
This means that any procedure that does not somehow disable temporary
transformations, and that refers after proc_commit() to a variable it
looked up beforehand, has a use-after-free error.
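Until now, AUTORECODE had this problem. This commit fixes it by
recording each source variable's width and case index instead of
keeping a pointer to the variable, and by re-fetching the dictionary
after proc_commit() rather than caching it. It also adds a test.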
Bug #32757.
/* Explains how to recode an AUTORECODE variable. */
struct arc_spec
{
/* Explains how to recode an AUTORECODE variable. */
struct arc_spec
{
- const struct variable *src; /* Source variable. */
+ int width; /* Variable width. */
+ int src_idx; /* Case index of source variable. */
struct variable *dst; /* Target variable. */
struct rec_items *items;
};
struct variable *dst; /* Target variable. */
struct rec_items *items;
};
struct rec_items *global_items;
bool blank_valid;
struct rec_items *global_items;
bool blank_valid;
- const struct dictionary *dict;
};
static trns_proc_func autorecode_trns_proc;
};
static trns_proc_func autorecode_trns_proc;
/* Create procedure. */
arc = xzalloc (sizeof *arc);
arc->blank_valid = true;
/* Create procedure. */
arc = xzalloc (sizeof *arc);
arc->blank_valid = true;
- arc->dict = dataset_dict (ds);
/* Parse variable lists. */
lex_match_id (lexer, "VARIABLES");
lex_match (lexer, T_EQUALS);
/* Parse variable lists. */
lex_match_id (lexer, "VARIABLES");
lex_match (lexer, T_EQUALS);
- if (!parse_variables_const (lexer, arc->dict, &src_vars, &n_srcs,
- PV_NO_DUPLICATE))
+ if (!parse_variables_const (lexer, dict, &src_vars, &n_srcs,
+ PV_NO_DUPLICATE | PV_NO_SCRATCH))
goto error;
if (!lex_force_match_id (lexer, "INTO"))
goto error;
lex_match (lexer, T_EQUALS);
goto error;
if (!lex_force_match_id (lexer, "INTO"))
goto error;
lex_match (lexer, T_EQUALS);
- if (!parse_DATA_LIST_vars (lexer, arc->dict, &dst_names, &n_dsts,
+ if (!parse_DATA_LIST_vars (lexer, dict, &dst_names, &n_dsts,
PV_NO_DUPLICATE))
goto error;
if (n_dsts != n_srcs)
PV_NO_DUPLICATE))
goto error;
if (n_dsts != n_srcs)
{
const char *name = dst_names[i];
{
const char *name = dst_names[i];
- if (dict_lookup_var (arc->dict, name) != NULL)
+ if (dict_lookup_var (dict, name) != NULL)
{
msg (SE, _("Target variable %s duplicates existing variable %s."),
name, name);
{
msg (SE, _("Target variable %s duplicates existing variable %s."),
name, name);
{
struct arc_spec *spec = &arc->specs[i];
{
struct arc_spec *spec = &arc->specs[i];
- spec->src = src_vars[i];
+ spec->width = var_get_width (src_vars[i]);
+ spec->src_idx = var_get_case_index (src_vars[i]);
for (i = 0; i < arc->n_specs; i++)
{
struct arc_spec *spec = &arc->specs[i];
for (i = 0; i < arc->n_specs; i++)
{
struct arc_spec *spec = &arc->specs[i];
- int width = var_get_width (spec->src);
- const union value *value = case_data (c, spec->src);
+ int width = spec->width;
+ const union value *value = case_data_idx (c, spec->src_idx);
size_t hash = value_hash (value, width, 0);
struct arc_item *item;
item = find_arc_item (spec, value, hash);
if ( (item == NULL)
&&
size_t hash = value_hash (value, width, 0);
struct arc_item *item;
item = find_arc_item (spec, value, hash);
if ( (item == NULL)
&&
- ( arc->blank_valid || var_is_numeric (spec->src) || ! value_is_blank (value, width, arc->dict))
+ ( arc->blank_valid
+ || val_type_from_width (spec->width) == VAL_NUMERIC
+ || ! value_is_blank (value, width, dict))
)
{
item = xmalloc (sizeof *item);
)
{
item = xmalloc (sizeof *item);
ok = casereader_destroy (input);
ok = proc_commit (ds) && ok;
ok = casereader_destroy (input);
ok = proc_commit (ds) && ok;
+ /* Re-fetch dictionary because it might have changed (if TEMPORARY was in
+ use). */
+ dict = dataset_dict (ds);
+
/* Create transformation. */
for (i = 0; i < arc->n_specs; i++)
{
/* Create transformation. */
for (i = 0; i < arc->n_specs; i++)
{
{
const char *str = CHAR_CAST_BUG (const char*, value_str (from, src_width));
{
const char *str = CHAR_CAST_BUG (const char*, value_str (from, src_width));
- recoded_value = recode_string (UTF8, dict_get_encoding (arc->dict), str, src_width);
+ recoded_value = recode_string (UTF8, dict_get_encoding (dict),
+ str, src_width);
}
else
recoded_value = c_xasprintf ("%g", from->f);
}
else
recoded_value = c_xasprintf ("%g", from->f);
struct arc_item *item;
HMAP_FOR_EACH_WITH_HASH (item, struct arc_item, hmap_node, hash, &spec->items->ht)
struct arc_item *item;
HMAP_FOR_EACH_WITH_HASH (item, struct arc_item, hmap_node, hash, &spec->items->ht)
- if (value_equal (value, &item->from, var_get_width (spec->src)))
+ if (value_equal (value, &item->from, spec->width))
return item;
return NULL;
}
return item;
return NULL;
}
for (i = 0; i < arc->n_specs; i++)
{
const struct arc_spec *spec = &arc->specs[i];
for (i = 0; i < arc->n_specs; i++)
{
const struct arc_spec *spec = &arc->specs[i];
- int width = var_get_width (spec->src);
- const union value *value = case_data (*c, spec->src);
- const struct arc_item *item = find_arc_item (spec, value, value_hash (value, width, 0));
+ const union value *value = case_data_idx (*c, spec->src_idx);
+ unsigned int hash = value_hash (value, spec->width, 0);
+ const struct arc_item *item = find_arc_item (spec, value, hash);
case_data_rw (*c, spec->dst)->f = item ? item->to : SYSMIS;
}
case_data_rw (*c, spec->dst)->f = item ? item->to : SYSMIS;
}
+
+dnl AUTORECODE had a use-after-free error when TEMPORARY was in use.
+dnl Bug #32757.
+AT_SETUP([AUTORECODE with TEMPORARY])
+AT_DATA([autorecode.sps],
+ [data list /X 1-5(a) Y 7.
+begin data.
+lasdj 1
+asdfk 0
+asdfj 2
+asdfj 1
+asdfk 2
+asdfj 9
+lajks 9
+asdfk 0
+asdfk 1
+end data.
+
+temporary.
+select if y > 1.
+autorecode x y into A B/descend.
+list.
+])
+AT_CHECK([pspp -O format=csv autorecode.sps], [0],
+ [Table: Reading 1 record from INLINE.
+Variable,Record,Columns,Format
+X,1,1- 5,A5
+Y,1,7- 7,F1.0
+
+Table: Data List
+X,Y,A,B
+lasdj,1,. ,. @&t@
+asdfk,0,2.00,. @&t@
+asdfj,2,3.00,2.00
+asdfj,1,3.00,. @&t@
+asdfk,2,2.00,2.00
+asdfj,9,3.00,1.00
+lajks,9,1.00,1.00
+asdfk,0,2.00,. @&t@
+asdfk,1,2.00,. @&t@
+])
+AT_CLEANUP