parser: don't assert on scope underflows

close_scope() gets called from the object destructors;
imbalance can cause us to hit assert().

Before:
nft: parser_bison.y:88: close_scope: Assertion `state->scope > 0' failed.
After:
assertion3:4:7-7: Error: too many levels of nesting jump {
assertion3:5:8-8: Error: too many levels of nesting jump
assertion3:5:9-9: Error: syntax error, unexpected newline, expecting '{'
assertion3:7:1-1: Error: syntax error, unexpected end of file

Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 763c1b2dcd6121063aaed1b3830ff1f56682481b..f5f6bf04d06439f31a692bf5c10e2e8c8af703ab 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -80,12 +80,11 @@ static int open_scope(struct parser_state *state, struct scope *scope)
 
 static void close_scope(struct parser_state *state)
 {
-       if (state->scope_err) {
+       if (state->scope_err || state->scope == 0) {
                state->scope_err = false;
                return;
        }
 
-       assert(state->scope > 0);
        state->scope--;
 }
 

diff --git a/tests/shell/testcases/bogons/nft-f/scope_underflow_assert b/tests/shell/testcases/bogons/nft-f/scope_underflow_assert
new file mode 100644 (file)
index 0000000..aee1dcb
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/scope_underflow_assert
@@ -0,0 +1,6 @@
+table t {
+       chain c {
+               jump{
+                       jump {
+                               jump
+