reproducible awk(1) segfault

To: tech-userlevel%netbsd.org@localhost
Subject: reproducible awk(1) segfault
From: Jukka Salmi <j+nbsd%2008.salmi.ch@localhost>
Date: Mon, 21 Jan 2008 15:46:50 +0100

Hello,

on a current system awk(1) dumps core if some invalid printf formats
are used, e.g.

$ awk 'BEGIN { printf("%*"); }'
Segmentation fault (core dumped)

I'm not familiar with the code and only glanced at it, so I'm not sure
if the attache patch is a correct fix for the problem. However, it
seems to fix it...


Cheers, Jukka

-- 
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~

Index: dist/nawk/run.c
===================================================================
RCS file: /cvsroot/src/dist/nawk/run.c,v
retrieving revision 1.17
diff -u -p -r1.17 run.c
--- dist/nawk/run.c     25 Oct 2007 22:22:41 -0000      1.17
+++ dist/nawk/run.c     21 Jan 2008 14:41:11 -0000
@@ -843,6 +843,8 @@ int format(char **pbuf, int *pbufsize, c
                                break;  /* the ansi panoply */
                        if (*s == '*') {
                                x = execute(a);
+                               if (a == NULL)
+                                       FATAL("not enough args in printf(%s)", 
os);
                                a = a->nnext;
                                sprintf(t-1, "%d", fmtwd=(int) getfval(x));
                                if (fmtwd < 0)

Prev by Date: RockRidge (was Re: Generic boot image) support in makefs(8)
Next by Date: swap-on-raidframe vs raidctl -P
Previous by Thread: realtime functions in userland
Next by Thread: swap-on-raidframe vs raidctl -P
Indexes:

Home | Main Index | Thread Index | Old Index