
#6 covered score causes segfault in expr.c

0.7.x
open
nobody
1
2014-09-05
2014-09-05
Anonymous
No

Dear Trevor,

I have an issue with the covered score command when compiling/running covered 0.7.10 under Linux (tested against OpenSUSE 11.3, 11.4, 12.3, 13.1, both x86_64 and x86, including attempts to use -m32 cross-compilation). With larger designs, the score command causes a segmentation fault while calling bool expression_op_func__sbit in expr.c.

There are two scenarios which cause a segmentation fault. Either (expression *) expr is a null pointer or expr->sig is a null pointer. Both are equally fatal, the first while determining retval and the latter while extracting vwidth.

My quick and dirty fix was to check both for null pointers and set vwidth to 0 and retval to (dim->curr_lsb != curr_lsb); I would prefer to see the error itself being inhibited properly before the function is called instead of fuzzing with a mechanism I don't understand.

GCC versions using -O2 eliminate the time and thr parameters of the function (tested with GCC 4.4, 4.5 and 4.8); I don't know if this contributes to the error.

Thanks in advance,

Chris
