[BusyBox 0001337]: busybox's awk crashes when 'printf' handles '*' qualifier

bugs at busybox.net bugs at busybox.net
Wed May 9 21:58:09 UTC 2007


The following issue has been CLOSED 
====================================================================== 
http://busybox.net/bugs/view.php?id=1337 
====================================================================== 
Reported By:                ykaliuta
Assigned To:                BusyBox
====================================================================== 
Project:                    BusyBox
Issue ID:                   1337
Category:                   Other
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     closed
Resolution:                 open
Fixed in Version:           
====================================================================== 
Date Submitted:             05-07-2007 07:22 PDT
Last Modified:              05-09-2007 14:58 PDT
====================================================================== 
Summary:                    busybox's awk crashes when 'printf' handles '*'
qualifier
Description: 
$ ./busybox awk 'END{ printf "%*s\n",  tttt }' < /dev/null
Segmentation fault (core dumped)

====================================================================== 

---------------------------------------------------------------------- 
 vda - 05-07-07 14:51  
---------------------------------------------------------------------- 
Actually, GNU awk won't be happy either:

# /usr/bin/awk 'END{ printf "%*s\n",  tttt }' < /dev/null; echo $?
awk: fatal: not enough arguments to satisfy format string
        `%*s
'
          ^ ran out for this one

# /usr/bin/awk --version
GNU Awk 3.1.5
Copyright (C) 1989, 1991-2005 Free Software Foundation.

What do you prefer, nice(r) error msg instead of SEGV?


For the record, SEGV happens here:
last sprintf gets format "%*s" but only one argument "" intead of
(int,char*) pair it expects.

static char *awk_printf(node *n)
{
        char *b = NULL;
        char *fmt, *s, *f;
        const char *s1;
        int i, j, incr, bsize;
        char c, c1;
        var *v, *arg;

        v = nvalloc(1);
        fmt = f = xstrdup(getvar_s(evaluate(nextarg(&n), v)));

        i = 0;
        while (*f) {
                s = f;
                while (*f && (*f != '%' || *(++f) == '%'))
                        f++;
                while (*f && !isalpha(*f))
                        f++;

                incr = (f - s) + MAXVARFMT;
                qrealloc(&b, incr + i, &bsize);
                c = *f;
                if (c != '\0') f++;
                c1 = *f;
                *f = '\0';
                arg = evaluate(nextarg(&n), v);

                j = i;
                if (c == 'c' || !c) {
                        i += sprintf(b+i, s, is_numeric(arg) ?
                                        (char)getvar_i(arg) :
*getvar_s(arg));

                } else if (c == 's') {
                        s1 = getvar_s(arg);
                        qrealloc(&b, incr+i+strlen(s1), &bsize);
// b='' i=0, bsize=443 242 s='%*s' s1=''
                        i += sprintf(b+i, s, s1); 

---------------------------------------------------------------------- 
 ykaliuta - 05-08-07 09:08  
---------------------------------------------------------------------- 
Ok :)

$ gawk 'END{printf "%0*d%*s\n", a, b, c, "aa"}'  < /dev/null
0aa
$ busybox awk 'END{printf "%0*d%*s\n", a, b, c, "aa"}'  < /dev/null
Segmentation fault

In any case, I think that yes, the main problem is SIGSEGV. 

---------------------------------------------------------------------- 
 vda - 05-09-07 14:58  
---------------------------------------------------------------------- 
Minimally fixed in rev 18596 (will error out instead of SEGVing). Thanks. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
05-07-07 07:22  ykaliuta       New Issue                                    
05-07-07 07:22  ykaliuta       Status                   new => assigned     
05-07-07 07:22  ykaliuta       Assigned To               => BusyBox         
05-07-07 14:51  vda            Note Added: 0002343                          
05-08-07 09:08  ykaliuta       Note Added: 0002346                          
05-09-07 14:58  vda            Status                   assigned => closed  
05-09-07 14:58  vda            Note Added: 0002351                          
======================================================================




More information about the busybox-cvs mailing list