Date: Thu, 01 Dec 2016 04:27:40 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 214973] bmake segfault on parenthesized variables.
Message-ID: <bug-214973-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214973

Bug ID: 214973
Summary: bmake segfault on parenthesized variables.
Product: Base System
Version: 11.0-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: bin
Assignee: freebsd-bugs@FreeBSD.org
Reporter: ori@eigenstate.org

Created attachment 177565
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=177565&action=edit
Fixes segfault in bmake. Possibly sketchy.

Turns out that I can trivially segfault make with this input:

    (FOO)=val

This happens because in /usr/src/contrib/bmake/parse.c:1862 or so, we start
off with:

    for (depth = 0, cp = line + 1; depth > 0 || *cp != '='; cp++) {

which skips over the opening '(', meaning that when we see the closing ')',
the depth becomes negative, and we never break out of the loop, eventually
reading outside of mapped memory.

Starting off with 'cp = line', as in the attached patch, seems to work,
although I'm a bit suspicious about it breaking some subtle case when parsing
variables. Still, I tested by:

    cd /usr/src/usr.bin/bmake; make; make install
    cd /usr/src/lib/libc; make clean; make

Seems to work. 'make world' is running now.

-- 
You are receiving this mail because:
You are the assignee for the bug.
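
Added example, not part of the original report, the attached patch, or bmake's source: a bounds-checked form of the operator scan the report discusses. It starts at the first character, stops at the NUL terminator, and rejects a negative depth instead of continuing. The name find_assign_op, its return convention and the handling of '{' and '}' are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not a bmake function): returns the index of the
 * '=' that ends the variable name, or -1 if the line is malformed.
 * Assumption: '{' and '}' nest the same way as '(' and ')'. */
static long find_assign_op(const char *line)
{
    int depth = 0;
    size_t i;

    /* Start at index 0 so a leading '(' is counted, and test for the
     * terminator on every step so the scan cannot leave the buffer. */
    for (i = 0; line[i] != '\0'; i++) {
        char c = line[i];

        if (c == '(' || c == '{') {
            depth++;
        } else if (c == ')' || c == '}') {
            if (--depth < 0)
                return -1;      /* closer with no matching opener */
        } else if (c == '=' && depth == 0) {
            return (long)i;     /* operator found outside any bracket */
        }
    }
    return -1;                  /* no '=' at depth 0, or unclosed bracket */
}

int main(void)
{
    /* Constructed sample lines; the first is the input from the report. */
    const char *samples[] = { "(FOO)=val", "FOO=val", "FOO)=val",
                              "(FOO=val", "$(A:x=y)=z", "FOO" };
    size_t n;

    for (n = 0; n < sizeof(samples) / sizeof(samples[0]); n++)
        printf("%-12s -> %ld\n", samples[n], find_assign_op(samples[n]));
    return 0;
}
```

A caller that gets -1 can report a parse error for the line rather than indexing past it.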