Date: Wed, 6 Oct 2004 10:20:23 GMT
From: Ruslan Ermilov <ru@freebsd.org>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/72370: awk in -current dumps core
Message-ID: <200410061020.i96AKNBT035621@freefall.freebsd.org>

The following reply was made to PR bin/72370; it has been noted by GNATS.

From: Ruslan Ermilov <ru@freebsd.org>
To: Joseph Koshy <jkoshy@freebsd.org>
Cc: bug-followup@freebsd.org
Subject: Re: bin/72370: awk in -current dumps core
Date: Wed, 6 Oct 2004 13:17:57 +0300

On Wed, Oct 06, 2004 at 02:18:27AM +0000, Joseph Koshy wrote:
>
> awk in 5-current dumps core if asked to dereference a positional
> parameter at a large positive index. There also seems to be
> numeric overflow occurring behind the scenes. The following
> examples show the difference between GNU awk in 4-STABLE and
> the awk in 5-current.
>
> $ echo | /5/usr/bin/awk '{ x = 2147483647; print $x }'
> *core dump*
>

There's no bounds checking done when growing the "field table". What happens here is that realloc() is given "0" as the second argument, and later the code assumes that enough data has been allocated when in fact it was not.

The below patch should check for all possible overflows by doing the reverse arithmetic.

%%% Index: lib.c =================================================================== RCS file: /home/ncvs/src/contrib/one-true-awk/lib.c,v retrieving revision 1.1.1.3 diff -u -p -r1.1.1.3 lib.c --- lib.c 17 Mar 2003 07:59:58 -0000 1.1.1.3 +++ lib.c 6 Oct 2004 07:55:36 -0000 @@ -387,10 +387,15 @@ Cell *fieldadr(int n) /* get nth field * void growfldtab(int n) /* make new fields up to at least $n */ { int nf = 2 * nfields; + size_t s; if (n > nf) nf = n; - fldtab = (Cell **) realloc(fldtab, (nf+1) * (sizeof (struct Cell *))); + s = (nf+1) * (sizeof (struct Cell *)); + if (s / (sizeof (struct Cell *)) - 1 == nf) + fldtab = (Cell **) realloc(fldtab, s); + else + xfree(fldtab); if (fldtab == NULL) FATAL("out of space creating %d fields", nf); makefields(nfields+1, nf); %%%

Cheers,
--
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer
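
Review bot: in the added line `s = (nf+1) * (sizeof (struct Cell *));` the sub-expression `nf+1` is still evaluated in `int` before it is widened to `size_t`, so for the reported input (`nf` equal to 2147483647) the addition itself overflows a signed int, which is undefined behaviour, and the division check that follows only catches it if that overflow happens to wrap. The same applies to `int nf = 2 * nfields;` at the top of the function. Doing the arithmetic in the unsigned type, for example `s = ((size_t)nf + 1) * sizeof (struct Cell *);`, keeps the reverse-division test well defined. The else branch also depends on `xfree(fldtab)` leaving `fldtab` NULL so that the existing `if (fldtab == NULL)` check fires; a short comment saying so would help, and note that the user then sees "out of space creating %d fields" for what is really an out-of-range field index.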