[PATCH] awk: Guard pointer chasing when parsing ternary expressions.
Brian Foley
bpfoley at google.com
Tue Jan 1 21:40:58 UTC 2019
Avoids an uninit pointer deref for some malformed ternary exprs.
Add a test that would crash in busybox before this fix.
Signed-off-by: Brian Foley <bpfoley at google.com>
---
editors/awk.c | 3 ++-
testsuite/awk.tests | 3 +++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/editors/awk.c b/editors/awk.c
index b6d8cf203..f2b8b13eb 100644
--- a/editors/awk.c
+++ b/editors/awk.c
@@ -1265,7 +1265,7 @@ static node *parse_expr(uint32_t iexp)
debug_printf_parse("%s(%x)\n", __func__, iexp);
sn.info = PRIMASK;
- sn.r.n = glptr = NULL;
+ sn.r.n = sn.a.n = glptr = NULL;
xtc = TC_OPERAND | TC_UOPPRE | TC_REGEXP | iexp;
while (!((tc = next_token(xtc)) & iexp)) {
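Review bot: Only `sn.a.n` is added to the NULL initialisation in this hunk, so any other member of the stack-allocated `sn` that the parser may later read stays indeterminate. The declaration of `sn` is outside the hunk, so I cannot tell which members that leaves. Because this node's links are followed while parsing malformed program text, clearing the whole struct is more robust than naming fields one at a time: `memset(&sn, 0, sizeof(sn));` placed before `sn.info = PRIMASK;`. The next field added to `node` would then be covered without another patch like this one.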
@@ -1287,6 +1287,7 @@ static node *parse_expr(uint32_t iexp)
|| ((t_info == vn->info) && ((t_info & OPCLSMASK) == OC_COLON))
) {
vn = vn->a.n;
+ if (!vn->a.n) syntax_error(EMSG_UNEXP_TOKEN);
}
if ((t_info & OPCLSMASK) == OC_TERNARY)
t_info += P(6);
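Review bot: The new guard on `vn->a.n` protects the loop only if `syntax_error()` never returns, and nothing at the call site says so. The first line of the loop condition is outside the hunk, but it presumably dereferences `vn->a.n` on the next pass, which is what the check is there to prevent. A short comment would stop the guard being dropped as redundant later, e.g. `/* a.n is NULL at the start node: ':' with no matching '?' */` (assuming the NULL comes from the `sn.a.n` initialisation in the first hunk). Putting the `syntax_error(EMSG_UNEXP_TOKEN);` call on its own line would also match the surrounding layout.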
diff --git a/testsuite/awk.tests b/testsuite/awk.tests
index 3933fefc9..9f353fc10 100755
--- a/testsuite/awk.tests
+++ b/testsuite/awk.tests
@@ -338,6 +338,9 @@ testing "awk continue" \
testing "awk handles invalid for loop" \
"awk '{ for() }' 2>&1" "awk: cmd. line:1: Unexpected token\n" "" ""
+testing "awk handles colon not preceded by ternary" \
+ "awk 'foo:bar:' 2>&1" "awk: cmd. line:1: Unexpected token\n" "" ""
+
# testing "description" "command" "result" "infile" "stdin"
testing 'awk negative field access' \
'awk 2>&1 -- '\''{ $(-1) }'\' \
--
2.17.1