[src/trunk]: src/usr.bin/make make(1): fix undefined behavior in SubstVarLong
details: https://anonhg.NetBSD.org/src/rev/6d7a963d11d6
branches: trunk
changeset: 1017563:6d7a963d11d6
user: rillig <rillig%NetBSD.org@localhost>
date: Thu Dec 31 14:10:04 2020 +0000
description:
make(1): fix undefined behavior in SubstVarLong
A memcmp implementation that would check the start and end pointers
first would have detected this possible out-of-bounds memory read.
diffstat:
usr.bin/make/for.c | 18 +++++++++++-------
1 files changed, 11 insertions(+), 7 deletions(-)
diffs (68 lines):
diff -r acac89ef14c6 -r 6d7a963d11d6 usr.bin/make/for.c
--- a/usr.bin/make/for.c Thu Dec 31 13:56:56 2020 +0000
+++ b/usr.bin/make/for.c Thu Dec 31 14:10:04 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: for.c,v 1.131 2020/12/31 13:56:56 rillig Exp $ */
+/* $NetBSD: for.c,v 1.132 2020/12/31 14:10:04 rillig Exp $ */
/*
* Copyright (c) 1992, The Regents of the University of California.
@@ -58,7 +58,7 @@
#include "make.h"
/* "@(#)for.c 8.1 (Berkeley) 6/6/93" */
-MAKE_RCSID("$NetBSD: for.c,v 1.131 2020/12/31 13:56:56 rillig Exp $");
+MAKE_RCSID("$NetBSD: for.c,v 1.132 2020/12/31 14:10:04 rillig Exp $");
static int forLevel = 0; /* Nesting level */
@@ -356,7 +356,8 @@
* expression like ${i} or ${i:...} or $(i) or $(i:...) with ":Uvalue".
*/
static void
-SubstVarLong(For *f, const char **pp, const char **inout_mark, char endc)
+SubstVarLong(For *f, const char **pp, const char *bodyEnd, char endc,
+ const char **inout_mark)
{
size_t i;
const char *p = *pp;
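Review bot: The new `bodyEnd` parameter of SubstVarLong is not described anywhere, and the bounds check added further down depends entirely on what it points at. Judging from the caller in ForSubstBody it is `f->body.data + f->body.len`, so the block comment above the function (it starts outside this hunk) could gain a line such as `bodyEnd points one past the last byte of the loop body; *pp must not be beyond it.` Moving `inout_mark` to the end of the parameter list also changes the argument order for every caller; only one call site is visible in this diff, so it is worth confirming there are no others.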
@@ -366,7 +367,8 @@
char *varname = forVar->name;
size_t varnameLen = forVar->nameLen;
- /* XXX: undefined behavior for p if varname is longer than p? */
+ if (varnameLen >= (size_t)(bodyEnd - p))
+ continue;
if (memcmp(p, varname, varnameLen) != 0)
continue;
/* XXX: why test for backslash here? */
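Review bot: The cast in `(size_t)(bodyEnd - p)` is only sound while `p <= bodyEnd`: a negative difference would convert to a very large value, and the guard in front of `memcmp` would then let every name through. The caller shown in this diff appears to keep `p` inside the body, but nothing in the hunk states that, so I would record it next to the check, for example `/* p <= bodyEnd is guaranteed by ForSubstBody */`. The choice of `>=` over `>` also deserves a word, presumably because the code after the `memcmp` reads `p[varnameLen]`; that code lies outside this hunk. The difference does not change inside the loop and could be computed once before it.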
@@ -437,16 +439,18 @@
static void
ForSubstBody(For *f)
{
- const char *p;
+ const char *p, *bodyEnd;
const char *mark; /* where the last replacement left off */
Buf_Empty(&f->curBody);
mark = f->body.data;
+ bodyEnd = f->body.data + f->body.len;
for (p = mark; (p = strchr(p, '$')) != NULL;) {
if (p[1] == '{' || p[1] == '(') {
p += 2;
- SubstVarLong(f, &p, &mark, p[-1] == '{' ? '}' : ')');
+ SubstVarLong(f, &p, bodyEnd, p[-1] == '{' ? '}' : ')',
+ &mark);
} else if (p[1] != '\0') {
SubstVarShort(f, p + 1, &mark);
p += 2;
@@ -454,7 +458,7 @@
break;
}
- Buf_AddBytesBetween(&f->curBody, mark, f->body.data + f->body.len);
+ Buf_AddBytesBetween(&f->curBody, mark, bodyEnd);
}
/*