Disallow deleting SYMTAB and its elements (#43)

4 files changed, 10 insertions, 1 deletions

diff --git a/FIXES b/FIXES
index 0665229..4c9d476 100644
--- a/FIXES
+++ b/FIXES
@@ -25,6 +25,11 @@ THIS SOFTWARE.
 This file lists all bug fixes, changes, etc., made since the AWK book
 was sent to the printers in August, 1987.
 
+June 17, 2019:
+	Disallow deleting SYMTAB and its elements, which creates
+	use-after-free bugs. Thanks to GitHub user Cody Mello (melloc)
+	for the fix. (Merged from PR #43.)
+
 June 5, 2019:
 	Allow unmatched right parenthesis in a regular expression to
 	be treated literally. Fixes Issue #40. Thanks to GitHub user
diff --git a/awk.h b/awk.h
index ddf2466..0f78e87 100644
--- a/awk.h
+++ b/awk.h
@@ -105,6 +105,7 @@ extern Cell	*rsloc;		/* RS */
 extern Cell	*rstartloc;	/* RSTART */
 extern Cell	*rlengthloc;	/* RLENGTH */
 extern Cell	*subseploc;	/* SUBSEP */
+extern Cell	*symtabloc;	/* SYMTAB */
 
 /* Cell.tval values: */
 #define	NUM	01	/* number value is valid */
diff --git a/main.c b/main.c
index 2d7a382..9c31591 100644
--- a/main.c
+++ b/main.c
@@ -22,7 +22,7 @@ ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
 THIS SOFTWARE.
 ****************************************************************/
 
-const char	*version = "version 20190605";
+const char	*version = "version 20190617";
 
 #define DEBUG
 #include <stdio.h>
diff --git a/run.c b/run.c
index 2dfb3e6..36e5e85 100644
--- a/run.c
+++ b/run.c
@@ -512,6 +512,9 @@ Cell *awkdelete(Node **a, int n)	/* a[0] is symtab, a[1] is list of subscripts *
 	int nsub;
 
 	x = execute(a[0]);	/* Cell* for symbol table */
+	if (x == symtabloc) {
+		FATAL("cannot delete SYMTAB or its elements");
+	}
 	if (!isarr(x))
 		return True;
 	if (a[1] == 0) {	/* delete the elements, not the table */