author | Todd C. Miller <Todd.Miller@sudo.ws> | 2020-07-29 12:31:29 -0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-07-29 21:31:29 +0300 |
commit | 453ce8642b69943dee03e89fb7666a80f7c84bcf (patch) | |
tree | 901f4efb808fbae87fbd676823d190e14cb28b1c | |
parent | e22bb7c625df14ad8c9195124ed99cc41d7dfcd2 (diff) | |
download | one-true-awk-453ce8642b69943dee03e89fb7666a80f7c84bcf.tar.gz |
Avoid accessing pfile[] out of bounds on syntax error at EOF. (#90)
When awk reaches EOF parsing the program file, curpfile is incremented.
However, cursource() uses curpfile without checking it against npfile
which can cause an out of bounds access of pfile[] if there is a syntax
error at the end of the program file.
-rw-r--r-- | bugs-fixed/pfile-overflow.awk | 1 |
-rw-r--r-- | bugs-fixed/pfile-overflow.ok | 4 |
-rw-r--r-- | main.c | 2 |
3 files changed, 6 insertions, 1 deletions
diff --git a/bugs-fixed/pfile-overflow.awk b/bugs-fixed/pfile-overflow.awk new file mode 100644 index 0000000..b7d5379 --- /dev/null +++ b/bugs-fixed/pfile-overflow.awk @@ -0,0 +1 @@ +\
\ No newline at end of file diff --git a/bugs-fixed/pfile-overflow.ok b/bugs-fixed/pfile-overflow.ok new file mode 100644 index 0000000..a0de50f --- /dev/null +++ b/bugs-fixed/pfile-overflow.ok @@ -0,0 +1,4 @@ +../a.out: syntax error at source line 1 source file pfile-overflow.awk + context is + >>> <<< +../a.out: bailing out at source line 1 source file pfile-overflow.awk @@ -256,7 +256,7 @@ int pgetc(void) /* get 1 character from awk program */ char *cursource(void) /* current source file name */ { if (npfile > 0) - return pfile[curpfile]; + return pfile[curpfile < npfile ? curpfile : curpfile - 1]; else return NULL; } |
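Review bot: In the main.c hunk, the fallback index `curpfile - 1` in cursource() is in bounds only if curpfile can never exceed npfile by more than one. The commit message describes a single increment at EOF, but nothing in the visible lines enforces that. Clamping to the last valid entry, `pfile[curpfile < npfile ? curpfile : npfile - 1]`, would express the bound directly in terms of the array size and would stay correct if curpfile is ever advanced more than once past the end. A one-line comment above the return saying that curpfile equals npfile after the last program file has been read would also help, since the ternary is otherwise hard to justify from this function alone.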