From: John Darrington Date: Sat, 20 Jun 2020 05:17:06 +0000 (+0200) Subject: Fix crash when parsing a badly formatted variable string. X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f81e16108f3becda7dc7858f181f559f7ae96401;p=pspp Fix crash when parsing a badly formatted variable string. Reported by: Andrea Fioraldi Fixes bug: #58594 --- diff --git a/src/language/lexer/variable-parser.c b/src/language/lexer/variable-parser.c index d80c25ee6b..e637940351 100644 --- a/src/language/lexer/variable-parser.c +++ b/src/language/lexer/variable-parser.c @@ -1,5 +1,5 @@ /* PSPP - a program for statistical analysis. - Copyright (C) 1997-9, 2000, 2009, 2010, 2011, 2012 Free Software Foundation, Inc. + Copyright (C) 1997-9, 2000, 2009, 2010, 2011, 2012, 2020 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -123,7 +123,8 @@ parse_variable (struct lexer *lexer, const struct dictionary *d) /* Parses a set of variables from dictionary D given options OPTS. Resulting list of variables stored in *VAR and the number of variables into *CNT. Returns true only if - successful. */ + successful. The dictionary D must contain at least one + variable. */ bool parse_variables (struct lexer *lexer, const struct dictionary *d, struct variable ***var, @@ -137,6 +138,12 @@ parse_variables (struct lexer *lexer, const struct dictionary *d, assert (cnt != NULL); vs = var_set_create_from_dict (d); + if (var_set_get_cnt (vs) == 0) + { + *cnt = 0; + var_set_destroy (vs); + return false; + } success = parse_var_set_vars (lexer, vs, var, cnt, opts); var_set_destroy (vs); return success; diff --git a/tests/language/lexer/variable-parser.at b/tests/language/lexer/variable-parser.at index d9ca22815f..2e22934ab3 100644 --- a/tests/language/lexer/variable-parser.at +++ b/tests/language/lexer/variable-parser.at 
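Review bot: In src/language/lexer/variable-parser.c the reworded comment above parse_variables states "The dictionary D must contain at least one variable" as a precondition, but the guard added further down handles an empty dictionary by returning false. The comment and the code therefore describe different contracts, and a reader cannot tell whether passing an empty dictionary is a caller bug or a supported failure. I would document the behaviour instead, for example `Returns false, with *CNT set to 0, if D contains no variables.`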
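Review bot: The early return added to parse_variables sets `*cnt = 0` but never writes `*var`, so on this new failure path the caller's pointer keeps whatever value it had, possibly uninitialized. If any caller frees or walks `*var` after a false return (not visible here), a parse error becomes a bad free or read. The early return should leave `*var` in the same state as the failure path of parse_var_set_vars, which is outside this hunk; `*var = NULL;` is only correct if `opts` cannot make `*var` and `*cnt` in-out. The guard also sits only in this wrapper, so any other caller that passes an empty set to parse_var_set_vars would presumably still reach the crash. The body of parse_variables starts above the hunk.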
@@ -1,5 +1,5 @@ dnl PSPP - a program for statistical analysis. -dnl Copyright (C) 2017 Free Software Foundation, Inc. +dnl Copyright (C) 2017, 2020 Free Software Foundation, Inc. dnl dnl This program is free software: you can redistribute it and/or modify dnl it under the terms of the GNU General Public License as published by @@ -64,3 +64,17 @@ X,1.00,Count,0,0,0,0,0,0,0,0 Total,,,0,0,0,0,1,0,0,1 ]) AT_CLEANUP + + +AT_SETUP([variable parser crash]) + +AT_DATA([crash.sps], [dnl +INPUT PROGRAM. +FORMATS ALL(F1).$ +END FILE. +END INPUT PROGRAM. +]) + +AT_CHECK([pspp -O format=txt crash.sps], [1], [ignore]) + +AT_CLEANUP \ No newline at end of file
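Review bot: The new "variable parser crash" check in tests/language/lexer/variable-parser.at passes `[ignore]` for stdout, so it pins only exit status 1 and would keep passing if pspp rejected crash.sps for an unrelated reason. Matching the expected diagnostic text would tie the test to the `FORMATS ALL` parse against an empty dictionary, which is the case the fix guards. A one-line `dnl` comment above AT_SETUP naming bug #58594 would record that the input is malformed on purpose. The file also now ends without a trailing newline.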