Fix out-of-bound access to "alex_check" array

[hsyl20]

offset can be negative. We must check this before using it to index into alex_check array.

Caught with GHC's JS backend (native GHC would only segfault in rare circumstances).

[andreasabel]

Thanks for the PR!

Could you please add a testcase that demonstrates the bug and how it is fixed by your patch?

[andreasabel]

Maybe it is too early in the morning and my brain hasn't woken up... but I cannot see the semantic difference between the new and the old code.

[hsyl20]

I should have explained more ;)

The issue is that 'check' is unlifted, hence it's a strict binding. The way it was written before, it was evaluated before checking that offset was greater than or equal to 0. I've just moved the binding after the check.

Adding a test case for this seems difficult. We could add an assertion in the indexing function in debug mode that the offset is positive, but that seemed overkill. I've found this bug in the lexer code generated for Cabal-syntax. Any use of this code with the JS backend fails (the JS backend doesn't have an addressable heap, instead 'alex_check' array is represented as a JS array, so out-of-bound access triggers an exception).

[andreasabel]

Ok that is subtle indeed. I unlearned ML a long time ago... ;-)

• Could you add your explanation to the commit message?
• Could you add a CHANGELOG entry for this?
• Do you need a release of the fix?
• (Let's skip the test case as the change obviously makes the code more correct.)

[hsyl20]

Done.

A release would be nice as I'll have to fix Cabal-syntax's lexer.

[andreasabel]

Thanks!

[andreasabel]

@Ericson2314 : Could you please add me to the maintainers: https://hackage.haskell.org/package/alex/maintainers/

[andreasabel]

Candidate: https://hackage.haskell.org/package/alex-3.2.7.2/candidate

Published: https://hackage.haskell.org/package/alex-3.2.7.2

[hsyl20]

@andreasabel Awesome. Thanks a lot for your responsiveness!

[RyanGlScott]

One consequence of this PR is that alex-generated .hs files now require PatternGuards, which wasn't required before:

$ ghc -XHaskell98 Foo.hs
[1 of 1] Compiling Main             ( Foo.hs, Foo.o )

Foo.hs:3747:19: warning:
    accepting non-standard pattern guards (use PatternGuards to suppress this message)
        (offset >= (0)),
        check <- alexIndexInt16OffAddr alex_check offset,
        (check == ord_c)
     |
3747 |                   | GTE(offset,ILIT(0))
     |                   ^^^^^^^^^^^^^^^^^^^^^..

In fact, I had a project break with alex-3.2.7.2 because of this. Perhaps it would be worth documenting the PatternGuards requirement somewhere?

[andreasabel]

@hsyl20 : Can this be implemented without PatternGuards?
How about this:

 new_s = if GTE(offset,ILIT(0)) 
                && let check = alexIndexInt16OffAddr alex_check offset in EQ(check,ord_c)
                          then alexIndexInt16OffAddr alex_table offset
                          else alexIndexInt16OffAddr alex_deflt s

[andreasabel]

See:

• v3.2.7.3 amend PR #223 so that it does not need PatternGuards #224