From bugzilla at busybox.net Mon Dec 4 14:55:38 2023
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Mon, 04 Dec 2023 14:55:38 +0000
Subject: [Bug 15880] New: [busybox 1.36.1] use-after-free in awk
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=15880
Bug ID: 15880
Summary: [busybox 1.36.1] use-after-free in awk
Product: Busybox
Version: unspecified
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Other
Assignee: unassigned at busybox.net
Reporter: zclin21 at gmail.com
CC: busybox-cvs at busybox.net
Target Milestone: ---
Created attachment 9685
--> https://bugs.busybox.net/attachment.cgi?id=9685&action=edit
POC file
Hi, busybox developers,
We found a use-after-free vulnerability in awk applet of busybox v1.36.1. The
affected component is awk.c:1023 in getvar_i function. Following is the
reproduction process, and we put the poc file in the attachment.
[1.] Environment
Ubuntu 18.04, 64 bit
BusyBox 1.36.1
Clang 6.0.0
[2.] Compilation
2.1 Modify the Makefile:
HOSTCC=clang -fsanitize=address
HOSTCXX=clang++ -fsanitize=address
CC=clang
CFLAGS=-fsanitize=address
CPPFLAGS=-fsanitize=address
LDFLAGS="-Wl,--allow-multiple-definition"
2.2 Modify the Config.in file, switch the following configs to y?
DEBUG: y
DEBUG_PESSIMIZE: y
FEATURE_CLEAN_UP: y
DEBUG_SANITIZE: y
2.3 Commands for compilation:
export ASAN_OPTIONS=detect_leaks=0
make defconfig
make install
[3.] Reproduction
export ASAN_OPTIONS="abort_on_error=1 symbolize=0"
./busybox_unstripped awk -f $poc ./awk_t1_input
[ASAN report]:
==13107==ERROR: AddressSanitizer: heap-use-after-free on address 0x606000003260
at pc 0x000000e5b7b4 bp 0x7ffc4399b170 sp 0x7ffc4399b168
READ of size 4 at 0x606000003260 thread T0
#0 0xe5b7b3
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0xe5b7b3)
#1 0xe641e2
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0xe641e2)
#2 0xe5fcf2
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0xe5fcf2)
#3 0xe497e3
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0xe497e3)
#4 0xe4062d
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0xe4062d)
#5 0x50ac81
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0x50ac81)
#6 0x50dbaf
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0x50dbaf)
#7 0x51036d
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0x51036d)
#8 0x50db58
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0x50db58)
#9 0x50c3fd
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0x50c3fd)
#10 0x7f9c0a88bc86 (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
#11 0x41e459
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0x41e459)
0x606000003260 is located 0 bytes inside of 64-byte region
[0x606000003260,0x6060000032a0)
freed by thread T0 here:
#0 0x4dc500
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0x4dc500)
#1 0xe7f4ca
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0xe7f4ca)
#2 0xe4886f
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0xe4886f)
#3 0xe4062d
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0xe4062d)
#4 0x50ac81
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0x50ac81)
previously allocated by thread T0 here:
#0 0x4dc6d0
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0x4dc6d0)
#1 0x519df2
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0x519df2)
#2 0xe4886f
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0xe4886f)
#3 0xe4062d
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0xe4062d)
#4 0x50ac81
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0x50ac81)
SUMMARY: AddressSanitizer: heap-use-after-free
(/home/zclin/afl-vul-score/llvm_mode/research/path-collect-all-new-0524/path-collect-all-new/busybox/reproduce/busybox-1_36_1/fuzz_check/awk/busybox_unstripped+0xe5b7b3)
[line number]:
addr2line -e ./busybox_unstripped 0xe5b7b3
.../busybox-1_36_1/editors/awk.c:1023
Best wishes,
Zclin
--
You are receiving this mail because:
You are on the CC list for the bug.
From bugzilla at busybox.net Mon Dec 4 14:56:21 2023
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Mon, 04 Dec 2023 14:56:21 +0000
Subject: [Bug 15880] [busybox 1.36.1] use-after-free in awk
In-Reply-To:
References:
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=15880
--- Comment #1 from zclin ---
Created attachment 9688
--> https://bugs.busybox.net/attachment.cgi?id=9688&action=edit
awk_t1_input file
--
You are receiving this mail because:
You are on the CC list for the bug.
From bugzilla at busybox.net Sat Dec 9 17:30:31 2023
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Sat, 09 Dec 2023 17:30:31 +0000
Subject: [Bug 15883] New: [question] how to have the console log by ssh ?
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=15883
Bug ID: 15883
Summary: [question] how to have the console log by ssh ?
Product: Busybox
Version: unspecified
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Standard Compliance
Assignee: unassigned at busybox.net
Reporter: dark_footix at yahoo.fr
CC: busybox-cvs at busybox.net
Target Milestone: ---
Hello Busybox,
I am connecting to a device by a port serial (1), and there is the boot
log/console.
When I connect to the device with the ssh (2), it s a new session and I don't
have the log (1), if I used dmesg, I have the partial log ( mainly the kernel
logs ), but I don't have the full one
What is the most efficient way to have the full boot log by ssh ? and interact
with it? as have back the first shell session?
Is there a tips busybox to do it ??
Currently, I can by (1) launch my prog with a redirection to a file, and read
it from the ssh, but it s not perfect, because it should be done on all
processes...
How could I have the full /dev/console from ssh?
Thank for your support
--
You are receiving this mail because:
You are on the CC list for the bug.
From bugzilla at busybox.net Sun Dec 10 16:10:57 2023
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Sun, 10 Dec 2023 16:10:57 +0000
Subject: [Bug 15886] New: awk handling first line of input properly
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=15886
Bug ID: 15886
Summary: awk handling first line of input properly
Product: Busybox
Version: 1.35.x
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Standard Compliance
Assignee: unassigned at busybox.net
Reporter: ocbb23b at slowpine.com
CC: busybox-cvs at busybox.net
Target Milestone: ---
root at clean2305:~# (echo a 1 ; echo b ) | awk '$2 != 0'
a 1
b
root at clean2305:~# (echo a ; echo b) | awk '$2 != 0'
b
root at clean2305:~# (echo a) | awk '$2 != 0'
BusyBox v1.36.1 (2023-10-09 21:45:35 UTC) multi-call binary.
Embedded in OpenWrt 23.05.0
Same problem also seen in 21.02 versions of OpenWrt
I get the correct expected output from Ubuntu gawk and Debian mawk
will at dev:~$ (echo a ; echo b) | awk '$3 != 0'
a
b
--
You are receiving this mail because:
You are on the CC list for the bug.
From bugzilla at busybox.net Sun Dec 10 16:12:39 2023
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Sun, 10 Dec 2023 16:12:39 +0000
Subject: [Bug 15886] awk mishandling first line of input
In-Reply-To:
References:
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=15886
ocbb23b at slowpine.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|awk handling first line of |awk mishandling first line
|input properly |of input
--
You are receiving this mail because:
You are on the CC list for the bug.
From bugzilla at busybox.net Tue Dec 12 12:23:46 2023
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Tue, 12 Dec 2023 12:23:46 +0000
Subject: [Bug 15886] awk mishandling first line of input
In-Reply-To:
References:
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=15886
--- Comment #1 from ocbb23b at slowpine.com ---
root at clean2305:~# (echo a; echo b) | awk 'BEGIN {ignore=$1} $2 != 0'
b
root at clean2305:~# (echo a; echo b) | awk 'BEGIN {ignore=$4} $2 != 0'
a
b
root at clean2305:~#
This is another example of the problem. Note that if we reference $4, then the
initialisation is done right for the first line
--
You are receiving this mail because:
You are on the CC list for the bug.
From bugzilla at busybox.net Tue Dec 12 13:10:14 2023
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Tue, 12 Dec 2023 13:10:14 +0000
Subject: [Bug 15886] awk: improperly initialised field reference
In-Reply-To:
References:
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=15886
ocbb23b at slowpine.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|awk mishandling first line |awk: improperly initialised
|of input |field reference
--
You are receiving this mail because:
You are on the CC list for the bug.
From bugzilla at busybox.net Wed Dec 20 06:58:49 2023
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Wed, 20 Dec 2023 06:58:49 +0000
Subject: [Bug 15751] `time` function reports more `maxrss` usage than GNU time
In-Reply-To:
References:
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=15751
--- Comment #2 from herano1999 at gmail.com ---
(In reply to Wesley Moore from comment #1)
Thanks for your information. I've checked the code of GNU time[1] and found
that the reporting unit depends on the OS[2]. So the busybox's implementation
here may be wrong.
[1] https://git.savannah.gnu.org/cgit/time.git/tree/src/time.c
[2] https://git.savannah.gnu.org/cgit/time.git/tree/configure.ac#n77
--
You are receiving this mail because:
You are on the CC list for the bug.
From bugzilla at busybox.net Wed Dec 20 07:03:12 2023
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Wed, 20 Dec 2023 07:03:12 +0000
Subject: [Bug 15751] `time` function reports more `maxrss` usage than GNU time
In-Reply-To:
References:
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=15751
--- Comment #3 from Wesley Moore ---
(In reply to herano1999 from comment #2)
> So the busybox's implementation here may be wrong.
Yep that's what I was pointing out in my comment above.
--
You are receiving this mail because:
You are on the CC list for the bug.
From bugzilla at busybox.net Sun Dec 24 16:27:54 2023
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Sun, 24 Dec 2023 16:27:54 +0000
Subject: [Bug 15901] New: Compile warnings
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=15901
Bug ID: 15901
Summary: Compile warnings
Product: Busybox
Version: unspecified
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Other
Assignee: unassigned at busybox.net
Reporter: oppiet35 at yahoo.com
CC: busybox-cvs at busybox.net
Target Milestone: ---
CC miscutils/i2c_tools.o
miscutils/i2c_tools.c: In function ?list_i2c_busses_and_exit?:
miscutils/i2c_tools.c:1152:46: warning: ?%s? directive output may be truncated
writing up to 255 bytes into a region of size 236 [-Wformat-truncation=]
1152 | snprintf(path, NAME_MAX, "%s/%s/name",
| ^~
miscutils/i2c_tools.c:1152:17: note: ?snprintf? output between 25 and 280 bytes
into a destination of size 255
1152 | snprintf(path, NAME_MAX, "%s/%s/name",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1153 | i2cdev_path, de->d_name);
| ~~~~~~~~~~~~~~~~~~~~~~~~
miscutils/i2c_tools.c:1157:38: warning: ?%s? directive output may be truncated
writing up to 255 bytes into a region of size 236 [-Wformat-truncation=]
1157 | "%s/%s/device/name",
| ^~
miscutils/i2c_tools.c:1156:25: note: ?snprintf? output between 32 and 287 bytes
into a destination of size 255
1156 | snprintf(path, NAME_MAX,
| ^~~~~~~~~~~~~~~~~~~~~~~~
1157 | "%s/%s/device/name",
| ~~~~~~~~~~~~~~~~~~~~
1158 | i2cdev_path, de->d_name);
| ~~~~~~~~~~~~~~~~~~~~~~~~
miscutils/i2c_tools.c:1165:38: warning: ?%s? directive output may be truncated
writing up to 255 bytes into a region of size 236 [-Wformat-truncation=]
1165 | "%s/%s/device/name",
| ^~
miscutils/i2c_tools.c:1164:25: note: ?snprintf? output between 32 and 287 bytes
into a destination of size 255
1164 | snprintf(path, NAME_MAX,
| ^~~~~~~~~~~~~~~~~~~~~~~~
1165 | "%s/%s/device/name",
| ~~~~~~~~~~~~~~~~~~~~
1166 | i2cdev_path, de->d_name);
| ~~~~~~~~~~~~~~~~~~~~~~~~
miscutils/i2c_tools.c:1177:54: warning: ?%s? directive output may be truncated
writing up to 255 bytes into a region of size 236 [-Wformat-truncation=]
1177 |
"%s/%s/device/%s/name",
| ^~
miscutils/i2c_tools.c:1176:41: note: ?snprintf? output between 33 and 543 bytes
into a destination of size 255
1176 | snprintf(path, NAME_MAX,
| ^~~~~~~~~~~~~~~~~~~~~~~~
1177 |
"%s/%s/device/%s/name",
|
~~~~~~~~~~~~~~~~~~~~~~~
1178 | i2cdev_path,
de->d_name,
|
~~~~~~~~~~~~~~~~~~~~~~~~
1179 | subde->d_name);
| ~~~~~~~~~~~~~~
---
CC modutils/modutils.o
modutils/modutils.c: In function ?filename2modname?:
modutils/modutils.c:115:1: warning: function may return address of local
variable [-Wreturn-local-addr]
115 | }
| ^
modutils/modutils.c:94:14: note: declared here
94 | char local_modname[MODULE_NAME_LEN];
| ^~~~~~~~~~~~~
---
CC networking/tftp.o
networking/tftp.c: In function ?tftpd_main?:
networking/tftp.c:886:15: warning: ?local_file? is used uninitialized
[-Wuninitialized]
886 | char *local_file = local_file;
| ^~~~~~~~~~
networking/tftp.c:886:15: note: ?local_file? was declared here
886 | char *local_file = local_file;
| ^~~~~~~~~~
---
CC procps/powertop.o
procps/powertop.c: In function ?read_cstate_counts?:
procps/powertop.c:181:34: warning: ?%s? directive writing up to 255 bytes into
a region of size 171 [-Wformat-overflow=]
181 | sprintf(buf, "%s/%s/power", "/proc/acpi/processor",
d->d_name);
| ^~
procps/powertop.c:181:17: note: ?sprintf? output between 28 and 283 bytes into
a destination of size 192
181 | sprintf(buf, "%s/%s/power", "/proc/acpi/processor",
d->d_name);
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---
CC shell/hush.o
shell/hush.c: In function ?expand_one_var?:
shell/hush.c:6606:15: warning: ?exp_word? is used uninitialized
[-Wuninitialized]
6606 | char *exp_word = exp_word; /* for compiler */
| ^~~~~~~~
shell/hush.c:6606:15: note: ?exp_word? was declared here
6606 | char *exp_word = exp_word; /* for compiler */
| ^~~~~~~~
---
CC util-linux/volume_id/btrfs.o
util-linux/volume_id/btrfs.c: In function ?volume_id_probe_btrfs?:
util-linux/volume_id/btrfs.c:110:34: warning: ?sb? may be used uninitialized
[-Wmaybe-uninitialized]
110 | volume_id_set_uuid(id, sb->fsid, UUID_DCE);
| ~~^~~~~~
util-linux/volume_id/btrfs.c:93:35: note: ?sb? was declared here
93 | struct btrfs_super_block *sb;
| ^~
---
I don't know if you get any logs when compiling or not, but here are the ones
that happen when I compile it.
--
You are receiving this mail because:
You are on the CC list for the bug.
From bugzilla at busybox.net Sun Dec 24 16:30:10 2023
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Sun, 24 Dec 2023 16:30:10 +0000
Subject: [Bug 15901] Compile warnings
In-Reply-To:
References:
Message-ID:
https://bugs.busybox.net/show_bug.cgi?id=15901
--- Comment #1 from Robert Hinson ---
You don't have version 1.36.1 in the version dropdown, that is why I made it
unspecified.
--
You are receiving this mail because:
You are on the CC list for the bug.
From vda.linux at googlemail.com Sun Dec 31 14:49:54 2023
From: vda.linux at googlemail.com (Denys Vlasenko)
Date: Sun, 31 Dec 2023 15:49:54 +0100
Subject: [git commit] awk: fix handling of empty fields
Message-ID: <20231231145306.66EC683A17@busybox.osuosl.org>
commit: https://git.busybox.net/busybox/commit/?id=789ccac7d9d1a9e433570ac9628992a01f946643
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
Patch by M Rubon :
Busybox awk handles references to empty (not provided in the input)
fields differently during the first line of input, as compared to
subsequent lines.
$ (echo a ; echo b) | awk '$2 != 0' #wrong
b
No field $2 value is provided in the input. When awk references field
$2 for the "a" line, it is seen to have a different behaviour than
when it is referenced for the "b" line.
Problem in BusyBox v1.36.1 embedded in OpenWrt 23.05.0
Same problem also in 21.02 versions of OpenWrt
Same problem in BusyBox v1.37.0.git
I get the correct expected output from Ubuntu gawk and Debian mawk,
and from my fix.
will at dev:~$ (echo a ; echo b) | awk '$2 != 0' #correct
a
b
will at dev:~/busybox$ (echo a ; echo b ) | ./busybox awk '$2 != 0' #fixed
a
b
I built and poked into the source code at editors/awk.c The function
fsrealloc(int size) is core to allocating, initializing, reallocating,
and reinitializing fields, both real input line fields and imaginary
fields that the script references but do not exist in the input.
When fsrealloc() needs more field space than it has previously
allocated, it initializes those new fields differently than how they
are later reinitialized for the next input line. This works fine for
fields defined in the input, like $1, but does not work the first time
when there is no input for that field (e.g. field $99)
My one-line fix simply makes the initialization and clrvar()
reinitialization use the same value for .type. I am not sure if there
are regression tests to run, but I have not done those.
I'm not sure if I understand why clrvar() is not setting .type to a
default constant value, but in any case I have left that untouched.
function old new delta
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/0 up/down: 0/0) Total: 0 bytes
Signed-off-by: Denys Vlasenko
---
editors/awk.c | 33 +++++++++++++++++----------------
testsuite/awk.tests | 7 +++++++
2 files changed, 24 insertions(+), 16 deletions(-)
diff --git a/editors/awk.c b/editors/awk.c
index bc95c4155..aa485c782 100644
--- a/editors/awk.c
+++ b/editors/awk.c
@@ -555,8 +555,9 @@ struct globals {
//we are reusing ahash as fdhash, via define (see later)
const char *g_progname;
int g_lineno;
- int nfields;
- unsigned maxfields;
+ int num_fields; /* number of existing $N's */
+ unsigned num_alloc_fields; /* current size of Fields[] */
+ /* NB: Fields[0] corresponds to $1, not to $0 */
var *Fields;
char *g_pos;
char g_saved_ch;
@@ -631,8 +632,8 @@ struct globals2 {
// for fdhash in execution stage.
#define g_progname (G1.g_progname )
#define g_lineno (G1.g_lineno )
-#define nfields (G1.nfields )
-#define maxfields (G1.maxfields )
+#define num_fields (G1.num_fields )
+#define num_alloc_fields (G1.num_alloc_fields)
#define Fields (G1.Fields )
#define g_pos (G1.g_pos )
#define g_saved_ch (G1.g_saved_ch )
@@ -1966,30 +1967,30 @@ static void fsrealloc(int size)
{
int i, newsize;
- if ((unsigned)size >= maxfields) {
+ if ((unsigned)size >= num_alloc_fields) {
/* Sanity cap, easier than catering for over/underflows */
if ((unsigned)size > 0xffffff)
bb_die_memory_exhausted();
- i = maxfields;
- maxfields = size + 16;
+ i = num_alloc_fields;
+ num_alloc_fields = size + 16;
- newsize = maxfields * sizeof(Fields[0]);
+ newsize = num_alloc_fields * sizeof(Fields[0]);
debug_printf_eval("fsrealloc: xrealloc(%p, %u)\n", Fields, newsize);
Fields = xrealloc(Fields, newsize);
debug_printf_eval("fsrealloc: Fields=%p..%p\n", Fields, (char*)Fields + newsize - 1);
/* ^^^ did Fields[] move? debug aid for L.v getting "upstaged" by R.v in evaluate() */
- for (; i < maxfields; i++) {
- Fields[i].type = VF_SPECIAL;
+ for (; i < num_alloc_fields; i++) {
+ Fields[i].type = VF_SPECIAL | VF_DIRTY;
Fields[i].string = NULL;
}
}
- /* if size < nfields, clear extra field variables */
- for (i = size; i < nfields; i++) {
+ /* if size < num_fields, clear extra field variables */
+ for (i = size; i < num_fields; i++) {
clrvar(Fields + i);
}
- nfields = size;
+ num_fields = size;
}
static int regexec1_nonempty(const regex_t *preg, const char *s, regmatch_t pmatch[])
@@ -2126,7 +2127,7 @@ static void split_f0(void)
/* set NF manually to avoid side effects */
clrvar(intvar[NF]);
intvar[NF]->type = VF_NUMBER | VF_SPECIAL;
- intvar[NF]->number = nfields;
+ intvar[NF]->number = num_fields;
#undef fstrings
}
@@ -2976,7 +2977,7 @@ static var *evaluate(node *op, var *res)
syntax_error(EMSG_TOO_FEW_ARGS);
L.v = evaluate(op1, TMPVAR0);
/* Does L.v point to $n variable? */
- if ((size_t)(L.v - Fields) < maxfields) {
+ if ((size_t)(L.v - Fields) < num_alloc_fields) {
/* yes, remember where Fields[] is */
old_Fields_ptr = Fields;
}
@@ -3517,7 +3518,7 @@ static var *evaluate(node *op, var *res)
res = intvar[F0];
} else {
split_f0();
- if (i > nfields)
+ if (i > num_fields)
fsrealloc(i);
res = &Fields[i - 1];
}
diff --git a/testsuite/awk.tests b/testsuite/awk.tests
index 5a792c241..063084a1c 100755
--- a/testsuite/awk.tests
+++ b/testsuite/awk.tests
@@ -592,6 +592,13 @@ testing 'awk gensub backslashes \\0' \
\\0|\\0
' '' ''
+# References to empty (not provided in the input) fields in first versus subsequent lines
+testing 'awk references to empty fields' \
+ 'awk '$sq'$2 != 0'$sq \
+ 'a
+b
+' '' 'a\nb\n'
+
# The "b" in "abc" should not match
commit: https://git.busybox.net/busybox/commit/?id=01e80ff9ebaf42f2fb9b4ddddc75d37bc9a403aa
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
The ru_maxrss is already in Kbytes and not pages.
function old new delta
ptok 21 - -21
time_main 1261 1217 -44
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 0/1 up/down: 0/-65) Total: -65 bytes
fixes: https://bugs.busybox.net/show_bug.cgi?id=15751
Signed-off-by: Natanael Copa
Signed-off-by: Denys Vlasenko
---
miscutils/time.c | 28 +++++++++++++++++++---------
1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/miscutils/time.c b/miscutils/time.c
index 5a8fa4c0b..4b1b043c3 100644
--- a/miscutils/time.c
+++ b/miscutils/time.c
@@ -111,6 +111,7 @@ static void printargv(char *const *argv)
} while (*++argv);
}
+#ifdef UNUSED
/* Return the number of kilobytes corresponding to a number of pages PAGES.
(Actually, we use it to convert pages*ticks into kilobytes*ticks.)
@@ -136,6 +137,7 @@ static unsigned long ptok(const unsigned pagesize, const unsigned long pages)
return tmp / 1024; /* then smaller. */
}
#undef pagesize
+#endif /* UNUSED */
/* summarize: Report on the system use of a command.
@@ -250,9 +252,13 @@ static void summarize(const char *fmt, char **command, resource_t *resp)
printargv(command);
break;
case 'D': /* Average unshared data size. */
+ /* (linux kernel sets ru_idrss/isrss/ixrss to 0,
+ * docs say the value is in kbytes, so ptok() is wrong) */
printf("%lu",
- (ptok(pagesize, (UL) resp->ru.ru_idrss) +
- ptok(pagesize, (UL) resp->ru.ru_isrss)) / cpu_ticks);
+ (/*ptok(pagesize,*/ (UL) resp->ru.ru_idrss +
+ (UL) resp->ru.ru_isrss
+ ) / cpu_ticks
+ );
break;
case 'E': { /* Elapsed real (wall clock) time. */
unsigned seconds = resp->elapsed_ms / 1000;
@@ -275,13 +281,17 @@ static void summarize(const char *fmt, char **command, resource_t *resp)
printf("%lu", resp->ru.ru_inblock);
break;
case 'K': /* Average mem usage == data+stack+text. */
+ /* (linux kernel sets ru_idrss/isrss/ixrss to 0,
+ * docs say the value is in kbytes, so ptok() is wrong) */
printf("%lu",
- (ptok(pagesize, (UL) resp->ru.ru_idrss) +
- ptok(pagesize, (UL) resp->ru.ru_isrss) +
- ptok(pagesize, (UL) resp->ru.ru_ixrss)) / cpu_ticks);
+ (/*ptok(pagesize,*/ (UL) resp->ru.ru_idrss +
+ (UL) resp->ru.ru_isrss +
+ (UL) resp->ru.ru_ixrss
+ ) / cpu_ticks
+ );
break;
case 'M': /* Maximum resident set size. */
- printf("%lu", ptok(pagesize, (UL) resp->ru.ru_maxrss));
+ printf("%lu", (UL) resp->ru.ru_maxrss);
break;
case 'O': /* Outputs. */
printf("%lu", resp->ru.ru_oublock);
@@ -334,7 +344,7 @@ static void summarize(const char *fmt, char **command, resource_t *resp)
printf("%lu", resp->ru.ru_nswap);
break;
case 'X': /* Average shared text size. */
- printf("%lu", ptok(pagesize, (UL) resp->ru.ru_ixrss) / cpu_ticks);
+ printf("%lu", /*ptok(pagesize,*/ (UL) resp->ru.ru_ixrss / cpu_ticks);
break;
case 'Z': /* Page size. */
printf("%u", pagesize);
@@ -351,7 +361,7 @@ static void summarize(const char *fmt, char **command, resource_t *resp)
printf("%lu", resp->ru.ru_nsignals);
break;
case 'p': /* Average stack segment. */
- printf("%lu", ptok(pagesize, (UL) resp->ru.ru_isrss) / cpu_ticks);
+ printf("%lu", /*ptok(pagesize,*/ (UL) resp->ru.ru_isrss / cpu_ticks);
break;
case 'r': /* Incoming socket messages received. */
printf("%lu", resp->ru.ru_msgrcv);
@@ -360,7 +370,7 @@ static void summarize(const char *fmt, char **command, resource_t *resp)
printf("%lu", resp->ru.ru_msgsnd);
break;
case 't': /* Average resident set size. */
- printf("%lu", ptok(pagesize, (UL) resp->ru.ru_idrss) / cpu_ticks);
+ printf("%lu", /*ptok(pagesize,*/ (UL) resp->ru.ru_idrss / cpu_ticks);
break;
case 'w': /* Voluntary context switches. */
printf("%lu", resp->ru.ru_nvcsw);