diff options
| author | Brian Foley <bpfoley@google.com> | 2019-09-05 10:53:21 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2019-09-05 10:53:21 +0200 |
| commit | 10509a70ee5c28800d23bf891b4f72603447e364 (patch) | |
| tree | a6a44ba6e4f4cc71257a6894494c62f827f0d7ce | |
| parent | b64470be177314e8473fae6c32cab51cacb89fa7 (diff) | |
| download | busybox-w32-10509a70ee5c28800d23bf891b4f72603447e364.tar.gz busybox-w32-10509a70ee5c28800d23bf891b4f72603447e364.tar.bz2 busybox-w32-10509a70ee5c28800d23bf891b4f72603447e364.zip | |
dc: Parse error & fix out of bounds read in xc_program_printString
function old new delta
xc_program_print 712 735 +23
Signed-off-by: Brian Foley <bpfoley@google.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | miscutils/bc.c | 6 | ||||
| -rwxr-xr-x | testsuite/dc.tests | 20 |
2 files changed, 24 insertions, 2 deletions
diff --git a/miscutils/bc.c b/miscutils/bc.c index 016300ac1..e492f0f50 100644 --- a/miscutils/bc.c +++ b/miscutils/bc.c | |||
| @@ -5456,11 +5456,13 @@ static void xc_program_printString(const char *str) | |||
| 5456 | char *n; | 5456 | char *n; |
| 5457 | 5457 | ||
| 5458 | c = *str++; | 5458 | c = *str++; |
| 5459 | n = strchr(esc, c); // note: c can be NUL | 5459 | n = strchr(esc, c); // note: if c is NUL, n = \0 at end of esc |
| 5460 | if (!n) { | 5460 | if (!n || !c) { |
| 5461 | // Just print the backslash and following character | 5461 | // Just print the backslash and following character |
| 5462 | bb_putchar('\\'); | 5462 | bb_putchar('\\'); |
| 5463 | ++G.prog.nchars; | 5463 | ++G.prog.nchars; |
| 5464 | // But if we're at the end of the string, stop | ||
| 5465 | if (!c) break; | ||
| 5464 | } else { | 5466 | } else { |
| 5465 | if (n - esc == 0) // "\n" ? | 5467 | if (n - esc == 0) // "\n" ? |
| 5466 | G.prog.nchars = SIZE_MAX; | 5468 | G.prog.nchars = SIZE_MAX; |
diff --git a/testsuite/dc.tests b/testsuite/dc.tests index 1fc13c201..361bc8459 100755 --- a/testsuite/dc.tests +++ b/testsuite/dc.tests | |||
| @@ -59,6 +59,26 @@ testing "dc: x should work with strings created from a" \ | |||
| 59 | "42\n" \ | 59 | "42\n" \ |
| 60 | "" "" | 60 | "" "" |
| 61 | 61 | ||
| 62 | testing "dc: p should print invalid escapes" \ | ||
| 63 | "dc -e '[\q] p'" \ | ||
| 64 | "\\q\n" \ | ||
| 65 | "" "" | ||
| 66 | |||
| 67 | testing "dc: p should print trailing backslashes" \ | ||
| 68 | "dc -e '[q\] p'" \ | ||
| 69 | "q\\\\\n" \ | ||
| 70 | "" "" | ||
| 71 | |||
| 72 | testing "dc: p should parse/print single backslashes" \ | ||
| 73 | "dc -e '[\] p'" \ | ||
| 74 | "\\\\\n" \ | ||
| 75 | "" "" | ||
| 76 | |||
| 77 | testing "dc: p should print single backslash strings" \ | ||
| 78 | "dc -e '92 a p'" \ | ||
| 79 | "\\\\\n" \ | ||
| 80 | "" "" | ||
| 81 | |||
| 62 | testing "dc read" \ | 82 | testing "dc read" \ |
| 63 | "dc -finput" \ | 83 | "dc -finput" \ |
| 64 | "2\n9\n1\n" \ | 84 | "2\n9\n1\n" \ |