Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/usr.bin/make make: fix out-of-bounds read when parsing the '...



details:   https://anonhg.NetBSD.org/src/rev/003b82793ef4
branches:  trunk
changeset: 369628:003b82793ef4
user:      rillig <rillig%NetBSD.org@localhost>
date:      Wed Aug 24 20:22:10 2022 +0000

description:
make: fix out-of-bounds read when parsing the ':D' modifier

Since 2000-04-29, when the ':D' and ':U' modifiers were added.

diffstat:

 usr.bin/make/unit-tests/varmod-defined.mk |  14 +++++++++++---
 usr.bin/make/var.c                        |   7 ++++---
 2 files changed, 15 insertions(+), 6 deletions(-)

diffs (53 lines):

diff -r d39e3836e836 -r 003b82793ef4 usr.bin/make/unit-tests/varmod-defined.mk
--- a/usr.bin/make/unit-tests/varmod-defined.mk Wed Aug 24 19:22:37 2022 +0000
+++ b/usr.bin/make/unit-tests/varmod-defined.mk Wed Aug 24 20:22:10 2022 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: varmod-defined.mk,v 1.12 2021/11/30 23:52:19 rillig Exp $
+# $NetBSD: varmod-defined.mk,v 1.13 2022/08/24 20:22:10 rillig Exp $
 #
 # Tests for the :D variable modifier, which returns the given string
 # if the variable is defined.  It is closely related to the :U modifier.
@@ -104,5 +104,13 @@
 VAR:=          ${VAR:@var@${8_DOLLARS}@}
 .MAKEFLAGS: -d0
 
-all:
-       @:;
+
+# Before var.c 1.1030 from 2022-08-24, the following expression caused an
+# out-of-bounds read when parsing the indirect ':D' modifier.
+M_U_backslash:=        ${:UU\\}
+.if ${:${M_U_backslash}} != "\\"
+.  error
+.endif
+
+
+all: .PHONY
diff -r d39e3836e836 -r 003b82793ef4 usr.bin/make/var.c
--- a/usr.bin/make/var.c        Wed Aug 24 19:22:37 2022 +0000
+++ b/usr.bin/make/var.c        Wed Aug 24 20:22:10 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: var.c,v 1.1029 2022/08/23 19:22:01 rillig Exp $        */
+/*     $NetBSD: var.c,v 1.1030 2022/08/24 20:22:10 rillig Exp $        */
 
 /*
  * Copyright (c) 1988, 1989, 1990, 1993
@@ -139,7 +139,7 @@
 #include "metachar.h"
 
 /*     "@(#)var.c      8.3 (Berkeley) 3/19/94" */
-MAKE_RCSID("$NetBSD: var.c,v 1.1029 2022/08/23 19:22:01 rillig Exp $");
+MAKE_RCSID("$NetBSD: var.c,v 1.1030 2022/08/24 20:22:10 rillig Exp $");
 
 /*
  * Variables are defined using one of the VAR=value assignments.  Their
@@ -2465,7 +2465,8 @@
                /* See Buf_AddEscaped in for.c. */
                if (*p == '\\') {
                        char c = p[1];
-                       if (IsDelimiter(c, ch) || c == '$' || c == '\\') {
+                       if ((IsDelimiter(c, ch) && c != '\0') ||
+                           c == '$' || c == '\\') {
                                if (shouldEval)
                                        LazyBuf_Add(buf, c);
                                p += 2;



Home | Main Index | Thread Index | Old Index