From bcfd195069fb123debe22b3fe5b39f56e95e3767 Mon Sep 17 00:00:00 2001 From: John Darrington Date: Thu, 31 Mar 2016 10:14:05 +0200 Subject: [PATCH] Fix crash when ROC was passed a non-number where a number was expected. Found by zzuf. --- src/language/stats/roc.c | 15 ++++++++++----- tests/language/stats/roc.at | 18 ++++++++++++++++++ 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/src/language/stats/roc.c b/src/language/stats/roc.c index cf8d9371ca..b8086dd659 100644 --- a/src/language/stats/roc.c +++ b/src/language/stats/roc.c @@ -237,15 +237,19 @@ cmd_roc (struct lexer *lexer, struct dataset *ds) } else if (lex_match_id (lexer, "CI")) { - lex_force_match (lexer, T_LPAREN); - lex_force_num (lexer); + if (!lex_force_match (lexer, T_LPAREN)) + goto error; + if (! lex_force_num (lexer)) + goto error; roc.ci = lex_number (lexer); lex_get (lexer); - lex_force_match (lexer, T_RPAREN); + if (!lex_force_match (lexer, T_RPAREN)) + goto error; } else if (lex_match_id (lexer, "DISTRIBUTION")) { - lex_force_match (lexer, T_LPAREN); + if (!lex_force_match (lexer, T_LPAREN)) + goto error; if (lex_match_id (lexer, "FREE")) { roc.bi_neg_exp = false; @@ -259,7 +263,8 @@ cmd_roc (struct lexer *lexer, struct dataset *ds) lex_error (lexer, NULL); goto error; } - lex_force_match (lexer, T_RPAREN); + if (!lex_force_match (lexer, T_RPAREN)) + goto error; } else { diff --git a/tests/language/stats/roc.at b/tests/language/stats/roc.at index f8d41ba75d..458edbc45a 100644 --- a/tests/language/stats/roc.at +++ b/tests/language/stats/roc.at @@ -183,3 +183,21 @@ roc x y By(a (1) AT_CHECK([pspp -o pspp.csv roc.sps], [1], [ignore]) AT_CLEANUP + + +AT_SETUP([ROC crash on invalid syntax]) +AT_DATA([roc.sps], [dnl +data list notable list /x * y * a *. +bggin data. +1 1 2 +1 2 28 +end data. + + +roc x y by a (1) + /criteria = ci(y5) +]) + +AT_CHECK([pspp -O format=csv roc.sps], [1], [ignore]) + +AT_CLEANUP -- 2.30.2