Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/usr.bin/make make: fix out-of-bounds read when parsing the '...



details:   https://anonhg.NetBSD.org/src/rev/f2d3abf30566
branches:  trunk
changeset: 369629:f2d3abf30566
user:      rillig <rillig%NetBSD.org@localhost>
date:      Wed Aug 24 21:03:57 2022 +0000

description:
make: fix out-of-bounds read when parsing the ':M' modifier

Since at least 2009-01-17, probably already since 2006-02-18, when
modifiers were allowed to be nested expressions.

diffstat:

 usr.bin/make/unit-tests/varmod-match.mk |  12 +++++++++++-
 usr.bin/make/var.c                      |   6 +++---
 2 files changed, 14 insertions(+), 4 deletions(-)

diffs (50 lines):

diff -r 003b82793ef4 -r f2d3abf30566 usr.bin/make/unit-tests/varmod-match.mk
--- a/usr.bin/make/unit-tests/varmod-match.mk   Wed Aug 24 20:22:10 2022 +0000
+++ b/usr.bin/make/unit-tests/varmod-match.mk   Wed Aug 24 21:03:57 2022 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: varmod-match.mk,v 1.11 2022/06/11 09:15:49 rillig Exp $
+# $NetBSD: varmod-match.mk,v 1.12 2022/08/24 21:03:57 rillig Exp $
 #
 # Tests for the :M variable modifier, which filters words that match the
 # given pattern.
@@ -280,3 +280,13 @@
 .if ${PRIMES:M${:U2}} != "2"
 .  error
 .endif
+
+
+# Before var.c 1.1031 from 2022-08-24, the following expressions caused an
+# out-of-bounds read beyond the indirect ':M' modifiers.
+.if ${:U:${:UM\\}}             # The ':M' pattern need not be unescaped, the
+.  error                       # resulting pattern is '\', it never matches
+.endif                         # anything.
+.if ${:U:${:UM\\\:\\}}         # The ':M' pattern must be unescaped, the
+.  error                       # resulting pattern is ':\', it never matches
+.endif                         # anything.
diff -r 003b82793ef4 -r f2d3abf30566 usr.bin/make/var.c
--- a/usr.bin/make/var.c        Wed Aug 24 20:22:10 2022 +0000
+++ b/usr.bin/make/var.c        Wed Aug 24 21:03:57 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: var.c,v 1.1030 2022/08/24 20:22:10 rillig Exp $        */
+/*     $NetBSD: var.c,v 1.1031 2022/08/24 21:03:57 rillig Exp $        */
 
 /*
  * Copyright (c) 1988, 1989, 1990, 1993
@@ -139,7 +139,7 @@
 #include "metachar.h"
 
 /*     "@(#)var.c      8.3 (Berkeley) 3/19/94" */
-MAKE_RCSID("$NetBSD: var.c,v 1.1030 2022/08/24 20:22:10 rillig Exp $");
+MAKE_RCSID("$NetBSD: var.c,v 1.1031 2022/08/24 21:03:57 rillig Exp $");
 
 /*
  * Variables are defined using one of the VAR=value assignments.  Their
@@ -2740,7 +2740,7 @@
        int nest = 0;
        const char *p;
        for (p = mod + 1; *p != '\0' && !(*p == ':' && nest == 0); p++) {
-               if (*p == '\\' &&
+               if (*p == '\\' && p[1] != '\0' &&
                    (IsDelimiter(p[1], ch) || p[1] == ch->startc)) {
                        if (!needSubst)
                                copy = true;



Home | Main Index | Thread Index | Old Index