Source-Changes-HG archive


[src/trunk]: src/usr.bin/indent indent: prevent use-after-free bug



details:   https://anonhg.NetBSD.org/src/rev/8bcdc4ce1d10
branches:  trunk
changeset: 1026318:8bcdc4ce1d10
user:      rillig <rillig%NetBSD.org@localhost>
date:      Thu Nov 18 23:26:58 2021 +0000

description:
indent: prevent use-after-free bug

Triggered by the following artificial program:

---- snip ----
int *
f
(                                                             void)
{
}
---- snap ----

diffstat:

 usr.bin/indent/lexi.c |  10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)

diffs (32 lines):

diff -r dcbb509182ca -r 8bcdc4ce1d10 usr.bin/indent/lexi.c
--- a/usr.bin/indent/lexi.c     Thu Nov 18 23:06:51 2021 +0000
+++ b/usr.bin/indent/lexi.c     Thu Nov 18 23:26:58 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: lexi.c,v 1.138 2021/11/07 18:26:17 rillig Exp $        */
+/*     $NetBSD: lexi.c,v 1.139 2021/11/18 23:26:58 rillig Exp $        */
 
 /*-
  * SPDX-License-Identifier: BSD-4-Clause
@@ -43,7 +43,7 @@
 
 #include <sys/cdefs.h>
 #if defined(__NetBSD__)
-__RCSID("$NetBSD: lexi.c,v 1.138 2021/11/07 18:26:17 rillig Exp $");
+__RCSID("$NetBSD: lexi.c,v 1.139 2021/11/18 23:26:58 rillig Exp $");
 #elif defined(__FreeBSD__)
 __FBSDID("$FreeBSD: head/usr.bin/indent/lexi.c 337862 2018-08-15 18:19:45Z pstef $");
 #endif
@@ -708,8 +708,12 @@
 
            while (isalpha((unsigned char)*tp) ||
                    isspace((unsigned char)*tp)) {
-               if (++tp >= inp.e)
+               if (++tp >= inp.e) {
+                   const char *s_before = inp.s;
                    inp_read_line();
+                   if (inp.s != s_before)
+                       abort();
+               }
            }
            if (*tp == '(')
                ps.procname[0] = ' ';
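
Review bot: the abort() inside the while loop stops tp from being used against a moved buffer, but it does so with no diagnostic, and the stale tp itself is not repaired, so the sample program from the commit message now ends in an abort instead of being indented. Consider recording tp's offset from inp.s before calling inp_read_line() and recomputing tp from the new inp.s afterwards, or at least printing a message that says the input buffer moved before aborting. A short comment above `const char *s_before = inp.s;` stating that tp points into the buffer starting at inp.s would also make the reason for the check clear to the next reader.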


