forked from kiss-community/repo
53 lines
1.4 KiB
Diff
53 lines
1.4 KiB
Diff
|
|
Upstream commit:
|
|
|
|
awk: fix read beyond end of buffer
|
|
Commit 7d06d6e18 (awk: fix printf %%) can cause awk printf to read
|
|
beyond the end of a strduped buffer:
|
|
|
|
2349 while (*f && *f != '%')
|
|
2350 f++;
|
|
2351 c = *++f;
|
|
|
|
If the loop terminates because a NUL character is detected the
|
|
character after the NUL is read. This can result in failures
|
|
depending on the value of that character.
|
|
|
|
function old new delta
|
|
awk_printf 672 665 -7
|
|
|
|
Signed-off-by: Ron Yorston <rmy@pobox.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
|
|
diff --git a/editors/awk.c b/editors/awk.c
|
|
index 3adbca7..02c26d7 100644
|
|
--- a/editors/awk.c
|
|
+++ b/editors/awk.c
|
|
@@ -2346,12 +2346,21 @@ static char *awk_printf(node *n, size_t *len)
|
|
size_t slen;
|
|
|
|
s = f;
|
|
- while (*f && (*f != '%' || *++f == '%'))
|
|
- f++;
|
|
- while (*f && !isalpha(*f)) {
|
|
- if (*f == '*')
|
|
- syntax_error("%*x formats are not supported");
|
|
+ while (*f && *f != '%')
|
|
f++;
|
|
+ if (*f) {
|
|
+ c = *++f;
|
|
+ if (c == '%') { /* double % */
|
|
+ slen = f - s;
|
|
+ s = xstrndup(s, slen);
|
|
+ f++;
|
|
+ goto tail;
|
|
+ }
|
|
+ while (*f && !isalpha(*f)) {
|
|
+ if (*f == '*')
|
|
+ syntax_error("%*x formats are not supported");
|
|
+ f++;
|
|
+ }
|
|
}
|
|
c = *f;
|
|
if (!c) {
|