From 2ca36995aaecbfcd2268b19cf3445fdf64bb508e Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Fri, 3 May 2024 07:13:00 +0200
Subject: prog: fix panic during squashing

Netbsd syzbot instance crashes trying to squash a pointer.
Pointers must not be squashed. This happens because of
recursive ucontext_t type that contains a pointer to itself.
When we assign SquashableElem recursive struct types may not be fully
generated yet, and ForeachArgType won't observe all types.
Assign SquashableElem after all types are fully generated.
---
 pkg/compiler/compiler_test.go | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

(limited to 'pkg/compiler/compiler_test.go')

diff --git a/pkg/compiler/compiler_test.go b/pkg/compiler/compiler_test.go
index 0a2396b5b..51bbbdf65 100644
--- a/pkg/compiler/compiler_test.go
+++ b/pkg/compiler/compiler_test.go
@@ -355,3 +355,33 @@ foo$2(a ptr[in, string[str1]], b ptr[in, string[str2]])
 		}
 	}
 }
+
+func TestSquashablePtr(t *testing.T) {
+	t.Parallel()
+	// recursive must not be marked as squashable b/c it contains a pointer.
+	const input = `
+foo(a ptr[in, recursive])
+
+recursive {
+	f0	ptr[in, recursive, opt]
+	f1	int32
+	f2	array[int8]
+}
+`
+	eh := func(pos ast.Pos, msg string) {
+		t.Errorf("%v: %v", pos, msg)
+	}
+	desc := ast.Parse([]byte(input), "input", eh)
+	if desc == nil {
+		t.Fatal("failed to parse")
+	}
+	p := Compile(desc, map[string]uint64{"SYS_foo": 1}, targets.List[targets.TestOS][targets.TestArch64], eh)
+	if p == nil {
+		t.Fatal("failed to compile")
+	}
+	for _, typ := range p.Types {
+		if ptr, ok := typ.(*prog.PtrType); ok && ptr.SquashableElem {
+			t.Fatal("got squashable ptr")
+		}
+	}
+}
-- 
cgit mrf-deployment