[git commit] awk: fix read beyond end of buffer
Denys Vlasenko
vda.linux at googlemail.com
Thu Sep 9 16:12:21 UTC 2021
commit: https://git.busybox.net/busybox/commit/?id=305a30d80b63e06d312c9d98ae73934ae143e564
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
Commit 7d06d6e18 (awk: fix printf %%) can cause awk printf to read
beyond the end of a strduped buffer:
2349 while (*f && *f != '%')
2350 f++;
2351 c = *++f;
If the loop terminates because a NUL character is detected the
character after the NUL is read. This can result in failures
depending on the value of that character.
function old new delta
awk_printf 672 665 -7
Signed-off-by: Ron Yorston <rmy at pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
editors/awk.c | 24 +++++++++++++-----------
1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/editors/awk.c b/editors/awk.c
index f7b8ef0d3..3594717b1 100644
--- a/editors/awk.c
+++ b/editors/awk.c
@@ -2348,17 +2348,19 @@ static char *awk_printf(node *n, size_t *len)
s = f;
while (*f && *f != '%')
f++;
- c = *++f;
- if (c == '%') { /* double % */
- slen = f - s;
- s = xstrndup(s, slen);
- f++;
- goto tail;
- }
- while (*f && !isalpha(*f)) {
- if (*f == '*')
- syntax_error("%*x formats are not supported");
- f++;
+ if (*f) {
+ c = *++f;
+ if (c == '%') { /* double % */
+ slen = f - s;
+ s = xstrndup(s, slen);
+ f++;
+ goto tail;
+ }
+ while (*f && !isalpha(*f)) {
+ if (*f == '*')
+ syntax_error("%*x formats are not supported");
+ f++;
+ }
}
c = *f;
if (!c) {
More information about the busybox-cvs
mailing list