Skip to content

Fix a crash when reporting an error at the end of a file #310

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jserv merged 1 commit into from
Oct 11, 2025
Merged

Fix a crash when reporting an error at the end of a file #310

jserv merged 1 commit into from
Oct 11, 2025
+2 −1

Conversation

@visitorckw
Copy link
Collaborator

@visitorckw visitorckw commented Oct 10, 2025
edited by cubic-dev-ai bot
Loading

The compiler crashes with a segmentation fault when an unterminated C-style comment exists at the very end of a file.

The root cause is a buffer over-read in the error() function, which attempts to construct a diagnostic message by reading the source line containing the error. When the error is on the last line of a file without a trailing newline, this logic would read past the end of the source buffer.

Fix the issue by adding a bounds check to the loop, ensuring it does not read beyond the source buffer's size. This allows the compiler to correctly report the "Unenclosed C-style comment" error instead of crashing.

Summary by cubic

Prevents a crash when reporting an error at EOF by adding a source-bounds check while building the diagnostic line. Unterminated C-style comments at the end of a file without a trailing newline now produce a proper error instead of a segfault.

  • Bug Fixes
    • Add bounds check in error() to avoid reading past SOURCE->size when scanning for newline in src/globals.c.

@visitorckw
Fix a crash when reporting an error at the end of a file
2412df4 
The compiler crashes with a segmentation fault when an unterminated
C-style comment exists at the very end of a file.

The root cause is a buffer over-read in the error() function, which
attempts to construct a diagnostic message by reading the source line
containing the error. When the error is on the last line of a file
without a trailing newline, this logic would read past the end of the
source buffer.

Fix the issue by adding a bounds check to the loop, ensuring it does
not read beyond the source buffer's size. This allows the compiler to
correctly report the "Unenclosed C-style comment" error instead of
crashing.
@visitorckw
Copy link
Collaborator Author

visitorckw commented Oct 10, 2025

FWIW, this issue can be easily reproduced with the following example:

int main() {
    /* this is an unterminated comment
}

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Oct 10, 2025
View reviewed changes
Copy link

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 issue found across 1 file

Prompt for AI agents (all 1 issues) 

Understand the root cause of the following 1 issues and fix them.


<file name="src/globals.c">

<violation number="1" location="src/globals.c:1398">
This loop initializes `offset` to `SOURCE-&gt;size`, which causes an out-of-bounds read on the first iteration when accessing `SOURCE-&gt;elements[offset]`. The loop should initialize `offset` to `SOURCE-&gt;size - 1` to access the last valid element.</violation>
</file>

React with 👍 or 👎 to teach cubic. Mention @cubic-dev-ai to give feedback, ask questions, or re-run the review.

src/globals.c

for (offset = 0;
offset < MAX_SOURCE && SOURCE->elements[start_idx + offset] != '\n';
offset < MAX_SOURCE && (start_idx + offset) < SOURCE->size &&
Copy link

@cubic-dev-ai cubic-dev-ai bot Oct 10, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This loop initializes offset to SOURCE->size, which causes an out-of-bounds read on the first iteration when accessing SOURCE->elements[offset]. The loop should initialize offset to SOURCE->size - 1 to access the last valid element.

Prompt for AI agents 
Address the following comment on src/globals.c at line 1398:

<comment>This loop initializes `offset` to `SOURCE-&gt;size`, which causes an out-of-bounds read on the first iteration when accessing `SOURCE-&gt;elements[offset]`. The loop should initialize `offset` to `SOURCE-&gt;size - 1` to access the last valid element.</comment>

<file context>
@@ -1395,7 +1395,8 @@ void error(char *msg)
 
     for (offset = 0;
-         offset &lt; MAX_SOURCE &amp;&amp; SOURCE-&gt;elements[start_idx + offset] != &#39;\n&#39;;
+         offset &lt; MAX_SOURCE &amp;&amp; (start_idx + offset) &lt; SOURCE-&gt;size &amp;&amp;
+         SOURCE-&gt;elements[start_idx + offset] != &#39;\n&#39;;
          offset++) {
</file context>
Fix with Cubic

@jserv jserv merged commit 1169c76 into sysprog21:master Oct 11, 2025
7 checks passed
@jserv
Copy link
Collaborator

jserv commented Oct 11, 2025

Thank @visitorckw for contributing!

@visitorckw visitorckw deleted the fix-eof-crash branch October 12, 2025 05:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

+1 more reviewer

@DrXiao DrXiao DrXiao approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@visitorckw @jserv @DrXiao