bug-gnu-utils

Re: gawk: do_match() invalid read


From: Aharon Robbins
Subject: Re: gawk: do_match() invalid read
Date: Fri, 12 Jan 2007 14:17:08 +0200

Greetings. I have applied this patch. I have just pushed my CVS repository
out to the machine from which Savannah gets it. It should be showing up
there very soon.

I have also updated gawk to current Autoconf, Automake, and gettext and
synchronized the files from glibc with glibc.

Thanks!

Arnold

> Date: Mon, 18 Dec 2006 18:38:13 +0300
> From: "Dmitry V. Levin" <address@hidden>
> Subject: gawk: do_match() invalid read
> To: address@hidden
>
> Hi,
>
> Due to missing bounds check, do_match() may do invalid read in multibyte
> locales:
>
> $ printf '\n\n' |env -i gawk '{print match(""," *")}'
> 1
> 1
> $ printf '\n\n' |env -i LC_ALL=ru_RU.UTF-8 gawk '{print match(""," *")}'
> -1208299079
> 134843273
>
> As you see, match() output in multibyte locale is wrong; valgrind reports
> about "Invalid read of size 4".
>
> Proposed fix is attached.
>
>
> --
> ldv
>
> --SWTRyWv/ijrBap1m
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: attachment; filename="gawk-3.1.5-alt-do_match.diff"
> Content-Transfer-Encoding: quoted-printable
>
> 2006-12-18  Dmitry V. Levin <address@hidden>
>
>       * builtin.c (do_match): In addition to "gawk_mb_cur_max > 1" check,
>       check for positive string length.
>
> Index: builtin.c
> ===================================================================
> RCS file: /sources/gawk/gawk-stable/builtin.c,v
> retrieving revision 1.3
> diff -u -p -r1.3 builtin.c
> --- builtin.c 30 Nov 2006 13:56:39 -0000      1.3
> +++ builtin.c 18 Dec 2006 14:56:56 -0000
> @@ -2020,7 +2020,7 @@ do_match(NODE *tree)
>  
>               rlength = REEND(rp, t1->stptr) - RESTART(rp, t1->stptr);        
> /* byte lengt> h */
>  #ifdef MBS_SUPPORT
> -             if (gawk_mb_cur_max > 1) {
> +             if (rlength > 0 && gawk_mb_cur_max > 1) {
>                       t1 = str2wstr(t1, & wc_indices);
>                       rlength = wc_indices[rstart + rlength - 1] - 
> wc_indices[rstart] + 1;
>                       rstart = wc_indices[rstart];
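
Review bot: The new `rlength > 0` guard skips the whole block for an empty match, including `rstart = wc_indices[rstart];`, so in a multibyte locale rstart stays a byte offset whenever the match has zero length. That is harmless for the empty match at offset 0 shown in the report, but an empty match further into a string that contains multibyte characters would report a byte position where non-empty matches report a character position. The index that goes out of range for rlength == 0 is `rstart + rlength - 1`, so consider keeping the rstart conversion under `gawk_mb_cur_max > 1` and guarding only the length computation, after confirming that wc_indices has an entry for an rstart equal to the string length. A one-line comment on why zero length is special would also help.
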
> @@ -2046,7 +2046,7 @@ do_match(NODE *tree)
>                                       subpat_start = s;
>                                       subpat_len = len = SUBPATEND(rp, 
> t1->stptr, ii) - s;
>  #ifdef MBS_SUPPORT
> -                                     if (gawk_mb_cur_max > 1) {
> +                                     if (len > 0 && gawk_mb_cur_max > 1) {
>                                               subpat_start = wc_indices[s];
>                                               subpat_len = wc_indices[s + len 
> - 1] - subpat_start + 1;
>                                       }
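
Review bot: The `len > 0` guard leaves `subpat_start = s` as a byte offset for an empty subexpression match, while non-empty ones get `wc_indices[s]`, so the stored starts can mix byte and character units in a multibyte locale. Only `wc_indices[s + len - 1]` needs len > 0; consider converting subpat_start for the empty case too and setting subpat_len to 0 there. Note that wc_indices is filled by str2wstr() only inside the first guarded block, so any conversion here depends on rlength > 0 having held above; a comment stating that dependency would make this branch easier to audit.
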
>
> --SWTRyWv/ijrBap1m--
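
The conversion the patch guards, as an added stand-alone example (not gawk's code): it maps a match given as byte offset and byte length to character units for a UTF-8 string and handles the zero-length case without indexing below the start of the table. The names `struct span`, `build_char_index` and `byte_span_to_char_span` are hypothetical, and the code assumes UTF-8 input rather than using the locale's conversion functions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct span { int ok; size_t start; size_t len; };  /* character units */

/* Map each byte offset 0..len (inclusive) of a UTF-8 string to the index of
 * the character that byte belongs to; slot [len] is the one-past-the-end index. */
static size_t *build_char_index(const char *s, size_t len)
{
    size_t *idx = malloc((len + 1) * sizeof *idx);
    size_t chars = 0;

    if (idx == NULL)
        return NULL;
    for (size_t i = 0; i < len; i++) {
        if (((unsigned char)s[i] & 0xC0) != 0x80)  /* not a continuation byte */
            chars++;
        idx[i] = chars ? chars - 1 : 0;
    }
    idx[len] = chars;
    return idx;
}

/* Convert a regex match given as (byte offset, byte length) into character
 * units. A zero-length match never touches idx[bstart + blen - 1]. */
struct span byte_span_to_char_span(const char *s, size_t bstart, size_t blen)
{
    struct span out = { 0, 0, 0 };
    size_t len = strlen(s);
    size_t *idx;

    if (bstart > len || blen > len - bstart)   /* range outside the string */
        return out;
    if ((idx = build_char_index(s, len)) == NULL)
        return out;
    out.start = idx[bstart];
    out.len = blen ? idx[bstart + blen - 1] - idx[bstart] + 1 : 0;
    out.ok = 1;
    free(idx);
    return out;
}

int main(void)
{
    /* Constructed input: two Cyrillic letters, 2 bytes each in UTF-8. */
    struct span m = byte_span_to_char_span("\xd0\xb0\xd0\xb1", 4, 0);
    printf("ok=%d start=%zu len=%zu\n", m.ok, m.start, m.len);
    return 0;
}
```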



