FLIP: Fix use-after-free and double frees with temporary transformations.

author Ben Pfaff <blp@cs.stanford.edu>

Tue, 21 May 2013 05:54:31 +0000 (22:54 -0700)

committer Ben Pfaff <blp@cs.stanford.edu>

Tue, 21 May 2013 05:54:53 +0000 (22:54 -0700)
author Ben Pfaff <blp@cs.stanford.edu>
Tue, 21 May 2013 05:54:31 +0000 (22:54 -0700)
committer Ben Pfaff <blp@cs.stanford.edu>
Tue, 21 May 2013 05:54:53 +0000 (22:54 -0700)
diff --git a/src/data/dataset.c b/src/data/dataset.c

index 9c3fe8cfecffc9003781836fe616bd3dc5858bf3..7448bd38efb7a2ec66807faf62e553a3a8712050 100644 (file)
--- a/src/data/dataset.c
+++ b/src/data/dataset.c
@@ -759,6 +759,8 @@ proc_make_temporary_transformations_permanent (struct dataset *ds)
        trns_chain_splice (ds->permanent_trns_chain, ds->temporary_trns_chain);
        ds->temporary_trns_chain = NULL;
  
+      ds->cur_trns_chain = ds->permanent_trns_chain;
+
        dict_destroy (ds->permanent_dict);
        ds->permanent_dict = NULL;
  
diff --git a/src/data/transformations.c b/src/data/transformations.c

index 7f8672805f1983879934dff1fe0bbaf3996a7381..209d13f82bf816653cba78240060924cb206c2fe 100644 (file)
--- a/src/data/transformations.c
+++ b/src/data/transformations.c
@@ -166,6 +166,7 @@ trns_chain_splice (struct trns_chain *dst, struct trns_chain *src)
      }
    dst->trns_cnt += src->trns_cnt;
  
+  src->trns_cnt = 0;
    trns_chain_destroy (src);
  }
  
diff --git a/tests/language/stats/flip.at b/tests/language/stats/flip.at

index 508c9d91be5b17bf1fcae26bb97542b0b5fbfec6..2b7e234b4244f9812061abdc6979f76e50fc7506 100644 (file)
--- a/tests/language/stats/flip.at
+++ b/tests/language/stats/flip.at
@@ -11,6 +11,8 @@ x1112131415
  y1617181920
  z2122232425
  end data.
+temporary.
+compute e = a.
  flip newnames=n.
  list.
  flip.
@@ -25,20 +27,23 @@ x,11,12,13,14
  y,16,17,18,19
  z,21,22,23,24
  
+flip.sps:12: warning: FLIP: FLIP ignores TEMPORARY.  Temporary transformations will be made permanent.
+
  Table: Data List
  CASE_LBL,v,w,x,y,z
  a       ,1.00,6.00,11.00,16.00,21.00
  b       ,2.00,7.00,12.00,17.00,22.00
  c       ,3.00,8.00,13.00,18.00,23.00
  d       ,4.00,9.00,14.00,19.00,24.00
+e       ,1.00,6.00,11.00,16.00,21.00
  
  Table: Data List
-CASE_LBL,a,b,c,d
-v       ,1.00,2.00,3.00,4.00
-w       ,6.00,7.00,8.00,9.00
-x       ,11.00,12.00,13.00,14.00
-y       ,16.00,17.00,18.00,19.00
-z       ,21.00,22.00,23.00,24.00
+CASE_LBL,a,b,c,d,e
+v       ,1.00,2.00,3.00,4.00,1.00
+w       ,6.00,7.00,8.00,9.00,6.00
+x       ,11.00,12.00,13.00,14.00,11.00
+y       ,16.00,17.00,18.00,19.00,16.00
+z       ,21.00,22.00,23.00,24.00,21.00
  ])
  AT_CLEANUP
author	Ben Pfaff <blp@cs.stanford.edu>
	Tue, 21 May 2013 05:54:31 +0000 (22:54 -0700)
committer	Ben Pfaff <blp@cs.stanford.edu>
	Tue, 21 May 2013 05:54:53 +0000 (22:54 -0700)
src/data/dataset.c		patch \| blob \| history
src/data/transformations.c		patch \| blob \| history
tests/language/stats/flip.at		patch \| blob \| history