sys-file-reader: Fix null deref on bad $@Role attribute.

When a variable had a bad $@Role attribute, this was effectively read as
an attribute without any values.  This is the only way to produce such an
attribute.  The system file reader assumed that every attribute had at
least one value and segfaulted if $@Role did not.

This commit fixes both the ultimate cause of the segfault, by dropping
attributes with no values, and the proximate cause, by ignoring $@Role
attributes with no values.  Either fix by itself would be sufficient to
avoid the segfault.

Thanks to Tianxiao Gu for reporting the problem.
Bug #54687.

diff --git a/src/data/sys-file-reader.c b/src/data/sys-file-reader.c
index b2db755732311d6c6ba8dda47044225edffa80c2..1b2d6c2131b996a8e8abf1dc18b10fc259f77187 100644 (file)
--- a/src/data/sys-file-reader.c
+++ b/src/data/sys-file-reader.c
@@ -2334,7 +2334,7 @@ parse_attributes (struct sfm_reader *r, struct text_record *text,
           if (text_match (text, ')'))
             break;
         }
-      if (attrs != NULL)
+      if (attrs != NULL && attribute_get_n_values (attr) > 0)
         {
           if (!attrset_try_add (attrs, attr))
             {
@@ -2388,7 +2388,7 @@ assign_variable_roles (struct sfm_reader *r, struct dictionary *dict)
       struct variable *var = dict_get_var (dict, i);
       struct attrset *attrs = var_get_attributes (var);
       const struct attribute *attr = attrset_lookup (attrs, "$@Role");
-      if (attr != NULL)
+      if (attr != NULL && attribute_get_n_values (attr) > 0)
         {
           int value = atoi (attribute_get_value (attr, 0));
           enum var_role role;