emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

awk: fix read beyond end of buffer

Browse Source 
Commit 7d06d6e18 (awk: fix printf %%) can cause awk printf to read
beyond the end of a strduped buffer:

  2349      while (*f && *f != '%')
  2350          f++;
  2351      c = *++f;

If the loop terminates because a NUL character is detected the
character after the NUL is read.  This can result in failures
depending on the value of that character.

function                                             old     new   delta
awk_printf                                           672     665      -7

Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Ron Yorston 2021-09-09 08:15:31 +01:00 committed by Denys Vlasenko
parent eb60777769
commit 305a30d80b
1 changed files with 13 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
editors/awk.c
View File

@ -2348,6 +2348,7 @@ static char *awk_printf(node *n, size_t *len)
s = f; s = f;
while (*f && *f != '%') while (*f && *f != '%')
f++; f++;
if (*f) {
c = *++f; c = *++f;
if (c == '%') { /* double % */ if (c == '%') { /* double % */
slen = f - s; slen = f - s;
@ -2360,6 +2361,7 @@ static char *awk_printf(node *n, size_t *len)
syntax_error("%*x formats are not supported"); syntax_error("%*x formats are not supported");
f++; f++;
} }
}
c = *f; c = *f;
if (!c) { if (!c) {
/* Tail of fmt with no percent chars, /* Tail of fmt with no percent chars,