2
0
mirror of https://codeberg.org/kiss-community/repo synced 2025-01-11 13:20:08 -07:00
repo/core/busybox/patches/awk-fix-%%.patch

53 lines
1.4 KiB
Diff
Raw Normal View History

2021-09-10 12:37:40 -06:00
Upstream commit:
awk: fix read beyond end of buffer
Commit 7d06d6e18 (awk: fix printf %%) can cause awk printf to read
beyond the end of a strduped buffer:
2349 while (*f && *f != '%')
2350 f++;
2351 c = *++f;
If the loop terminates because a NUL character is detected the
character after the NUL is read. This can result in failures
depending on the value of that character.
function old new delta
awk_printf 672 665 -7
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-09-10 09:24:41 -06:00
diff --git a/editors/awk.c b/editors/awk.c
2021-09-10 12:29:42 -06:00
index 3adbca7..02c26d7 100644
2021-09-10 09:24:41 -06:00
--- a/editors/awk.c
+++ b/editors/awk.c
2021-09-10 12:29:42 -06:00
@@ -2346,12 +2346,21 @@ static char *awk_printf(node *n, size_t *len)
2021-09-10 09:24:41 -06:00
size_t slen;
2021-09-10 12:37:40 -06:00
2021-09-10 09:24:41 -06:00
s = f;
- while (*f && (*f != '%' || *++f == '%'))
2021-09-10 12:29:42 -06:00
- f++;
- while (*f && !isalpha(*f)) {
- if (*f == '*')
- syntax_error("%*x formats are not supported");
2021-09-10 09:24:41 -06:00
+ while (*f && *f != '%')
f++;
2021-09-10 12:29:42 -06:00
+ if (*f) {
+ c = *++f;
+ if (c == '%') { /* double % */
+ slen = f - s;
+ s = xstrndup(s, slen);
+ f++;
+ goto tail;
+ }
+ while (*f && !isalpha(*f)) {
+ if (*f == '*')
+ syntax_error("%*x formats are not supported");
+ f++;
+ }
}
c = *f;
if (!c) {