From d0897fd0c49c7e434166558b85dd3ec73e821a61 Mon Sep 17 00:00:00 2001 From: rlar Date: Wed, 24 Feb 2016 18:56:14 +0100 Subject: [PATCH] src/spicelib/parser/inpptree.c, bug fix, B expression of kind `max(0,expr)' identified and reported by Marcel Hendrix, expressions of this kind could trigger a segmentation violation. PTdifferentiate() roughly evaluates to ternary_fcn(ge0(0-expr), 0, PTdifferentate(expr)) and mkb() optimizes 0 - expr --> unary_minus(expr) IFeval() invokes PTeval() for the derivative too, PTeval() looks at the incorrect tree->funcnum and tries to PTeval for a second argument which is not there, (unary_minus does not have a second argument) causing a segmentation fault. --- src/spicelib/parser/inpptree.c | 2 +- tests/regression/parser/bxpressn-1.cir | 14 +++++++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/spicelib/parser/inpptree.c b/src/spicelib/parser/inpptree.c index e4b32942a..994ffb01e 100644 --- a/src/spicelib/parser/inpptree.c +++ b/src/spicelib/parser/inpptree.c @@ -827,7 +827,7 @@ static INPparseNode *mkf(int type, INPparseNode * arg) p->left = inc_usage(arg); - p->funcnum = i; + p->funcnum = funcs[i].number; p->function = funcs[i].funcptr; p->funcname = funcs[i].name; diff --git a/tests/regression/parser/bxpressn-1.cir b/tests/regression/parser/bxpressn-1.cir index b6a428762..d43549baf 100644 --- a/tests/regression/parser/bxpressn-1.cir +++ b/tests/regression/parser/bxpressn-1.cir @@ -507,6 +507,18 @@ v1151_g n1151_g 0 '1' v1152_g n1152_g 0 '1' v1153_g n1153_g 0 '0' +* ---------------------------------------- +* special regression test unveils ... +* max(a,b) + +vaux1 n42 0 dc 42.0 + +b1154_t n1154_t 0 v = max(0, v(n42)) +b1155_t n1155_t 0 v = max(v(n42), 0) + +v1154_g n1154_g 0 '42.0' +v1155_g n1155_g 0 '42.0' + .control define mismatch(a,b,err) abs(a-b)>err @@ -516,7 +528,7 @@ op let total_count = 0 let fail_count = 0 -let tests = 1001 + vector(153) +let tests = 1001 + vector(155) foreach n $&tests set n_test = "n{$n}_t"