Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/usr.bin/make make: fix out-of-bounds read when parsing the '...
details: https://anonhg.NetBSD.org/src/rev/f2d3abf30566
branches: trunk
changeset: 369629:f2d3abf30566
user: rillig <rillig%NetBSD.org@localhost>
date: Wed Aug 24 21:03:57 2022 +0000
description:
make: fix out-of-bounds read when parsing the ':M' modifier
Since at least 2009-01-17, probably already since 2006-02-18, when
modifiers were allowed to be nested expressions.
diffstat:
usr.bin/make/unit-tests/varmod-match.mk | 12 +++++++++++-
usr.bin/make/var.c | 6 +++---
2 files changed, 14 insertions(+), 4 deletions(-)
diffs (50 lines):
diff -r 003b82793ef4 -r f2d3abf30566 usr.bin/make/unit-tests/varmod-match.mk
--- a/usr.bin/make/unit-tests/varmod-match.mk Wed Aug 24 20:22:10 2022 +0000
+++ b/usr.bin/make/unit-tests/varmod-match.mk Wed Aug 24 21:03:57 2022 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: varmod-match.mk,v 1.11 2022/06/11 09:15:49 rillig Exp $
+# $NetBSD: varmod-match.mk,v 1.12 2022/08/24 21:03:57 rillig Exp $
#
# Tests for the :M variable modifier, which filters words that match the
# given pattern.
@@ -280,3 +280,13 @@
.if ${PRIMES:M${:U2}} != "2"
. error
.endif
+
+
+# Before var.c 1.1031 from 2022-08-24, the following expressions caused an
+# out-of-bounds read beyond the indirect ':M' modifiers.
+.if ${:U:${:UM\\}} # The ':M' pattern need not be unescaped, the
+. error # resulting pattern is '\', it never matches
+.endif # anything.
+.if ${:U:${:UM\\\:\\}} # The ':M' pattern must be unescaped, the
+. error # resulting pattern is ':\', it never matches
+.endif # anything.
diff -r 003b82793ef4 -r f2d3abf30566 usr.bin/make/var.c
--- a/usr.bin/make/var.c Wed Aug 24 20:22:10 2022 +0000
+++ b/usr.bin/make/var.c Wed Aug 24 21:03:57 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: var.c,v 1.1030 2022/08/24 20:22:10 rillig Exp $ */
+/* $NetBSD: var.c,v 1.1031 2022/08/24 21:03:57 rillig Exp $ */
/*
* Copyright (c) 1988, 1989, 1990, 1993
@@ -139,7 +139,7 @@
#include "metachar.h"
/* "@(#)var.c 8.3 (Berkeley) 3/19/94" */
-MAKE_RCSID("$NetBSD: var.c,v 1.1030 2022/08/24 20:22:10 rillig Exp $");
+MAKE_RCSID("$NetBSD: var.c,v 1.1031 2022/08/24 21:03:57 rillig Exp $");
/*
* Variables are defined using one of the VAR=value assignments. Their
@@ -2740,7 +2740,7 @@
int nest = 0;
const char *p;
for (p = mod + 1; *p != '\0' && !(*p == ':' && nest == 0); p++) {
- if (*p == '\\' &&
+ if (*p == '\\' && p[1] != '\0' &&
(IsDelimiter(p[1], ch) || p[1] == ch->startc)) {
if (!needSubst)
copy = true;
Home |
Main Index |
Thread Index |
Old Index