emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

awk: fix read beyond end of buffer

Browse Source 
Commit 7d06d6e18 (awk: fix printf %%) can cause awk printf to read
beyond the end of a strduped buffer:

  2349      while (*f && *f != '%')
  2350          f++;
  2351      c = *++f;

If the loop terminates because a NUL character is detected the
character after the NUL is read.  This can result in failures
depending on the value of that character.

function                                             old     new   delta
awk_printf                                           672     665      -7

Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Ron Yorston 2021-09-09 08:15:31 +01:00 committed by Denys Vlasenko
parent eb60777769
commit 305a30d80b
1 changed files with 13 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
editors/awk.c
View File

@ -2348,17 +2348,19 @@ static char *awk_printf(node *n, size_t *len)
s = f;
while (*f && *f != '%')
f++;
c = *++f;
if (c == '%') { /* double % */
slen = f - s;
s = xstrndup(s, slen);
f++;
goto tail;
}
while (*f && !isalpha(*f)) {
if (*f == '*')
syntax_error("%*x formats are not supported");
f++;
if (*f) {
c = *++f;
if (c == '%') { /* double % */
slen = f - s;
s = xstrndup(s, slen);
f++;
goto tail;
}
while (*f && !isalpha(*f)) {
if (*f == '*')
syntax_error("%*x formats are not supported");
f++;
}
}
c = *f;
if (!c) {