From nobody Wed Oct 05 23:48:33 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4MjWVT5ypVz4Ty06; Wed, 5 Oct 2022 23:48:33 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4MjWVT5TGjz3Rfw; Wed, 5 Oct 2022 23:48:33 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1665013713; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=4eTmDuamdtjQYBYGyiQQUDlbCJInppJKSCiaTck0fmQ=; b=I9lP/Cu36Y6ukbHvk6oMzB9+YV1TzEp9M8bLvHm/bJyTbkmeKyf172kNU4B7WfQ5D+f9l0 pADjr5uNLLRot8SiyojEnH36hX/rkJM2cYS12VGeb3d5MidnyHMRN+MyXVC1SLOuUhBIKb CJY5kgAXniF4hII+FfOeiBbSgMtscHYgfG1HLlI3xFXOPvHOZ3C0bdp5VSPOfLMdkrpvu1 uQ71SBm7Z7hhRsOHgYPRqvfuEQQWRzDfWObPsKGqIszw+p9eZVDoSo5cIyYJrirS4n9jno NTZ8FusYHBXzzEHvbPIC/f8zQYOh0PhMTocmrE3h9nOfcqWqeBb3775DC0J3tg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4MjWVT4b4kz14D3; Wed, 5 Oct 2022 23:48:33 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 295NmX8R087309; Wed, 5 Oct 2022 23:48:33 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 295NmXwj087308; Wed, 5 Oct 2022 23:48:33 GMT (envelope-from git) Date: Wed, 5 Oct 2022 23:48:33 GMT Message-Id: <202210052348.295NmXwj087308@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: John Baldwin Subject: git: ba86cffb2840 - main - rs: Fix some pointer arith UB. List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: ba86cffb2840e12b5d72453d7c574850a76001d8 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1665013713; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=4eTmDuamdtjQYBYGyiQQUDlbCJInppJKSCiaTck0fmQ=; b=vrGj8DZx7u8sDdLEBD/g818OY642f1tugqcfCQfkmeGLdSLYBd8ZYdyFn74hMb9p7g/BDs 8J+2yzRmxSdyTrHQStSRvBVe2l93X49jFackz3UqHcFMd4gCgxJapx48ajUgs0Q32zknOt PSlj/a8UlsZ1Dr0XJiq5c/ou+QaRGaf1bKm3GYpjh5QoqhQf03SjPN1vX4fXCxUgLzBUYY SwY+zHNy7+dRLNuFcV9vEBDzCIH1CK18r+o5dz6mScA34QdKCC8oFCjti+F3nDOHNqBeXe KB5YGe17L6kDxIntGUQCfzcyslek13/cH7VED3grAP8vraTFkkWu3pm0qn+yXQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1665013713; a=rsa-sha256; cv=none; b=Ay5xGZd2tuTt69M7/LnykRpDFOc2YV+8ZEex35iJgT9lUWvuQJKAk8Fgfo5BYhPD4M4SzK xV6qPNkC6xz8h3gExjvilXc9/Ig5NmIT7u9AnU6nuKKAQ2Q9Td4L+S80vPctDtBM62uLJl mMb4J0kkopGjDMZREcZ7l46ZAbZqCB6MvMtVxm/sbdd88Gal9HYuXvx/BWcgUWF+XuGUIa qzXEw8uS6MZ20pAJ+CG++V4jpvVclusZwkmBljFugSmZxBd00S4GbhFo7cS6l/XdGdKbps YBpc5CVju7F5bAYFKJpEEVAdimpMIsbm0280uMWDiVtfsUGtRdaq176UNP5J8Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=ba86cffb2840e12b5d72453d7c574850a76001d8 commit ba86cffb2840e12b5d72453d7c574850a76001d8 Author: John Baldwin AuthorDate: 2022-10-05 23:48:05 +0000 Commit: John Baldwin CommitDate: 2022-10-05 23:48:05 +0000 rs: Fix some pointer arith UB. If the next column was blank, then the length of the following entry was computed as the end of the following entry minus a global variable "blank" which is not in the same string or allocation. Instead, save the start value of 'p' explicitly instead of abusing '*ep'. Possibly we should just increment p before saving it in sp in the 'blank' case, but at worst that would just mean maxlen might be one char too large which should be harmless. Reviewed by: brooks Differential Revision: https://reviews.freebsd.org/D36832 --- usr.bin/rs/rs.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/usr.bin/rs/rs.c b/usr.bin/rs/rs.c index 557c5b9f56c0..046bdc125f00 100644 --- a/usr.bin/rs/rs.c +++ b/usr.bin/rs/rs.c @@ -114,10 +114,11 @@ main(int argc, char *argv[]) static void getfile(void) { - char *p; + char *p, *sp; char *endp; char **ep; int c; + int len; int multisep = (flags & ONEISEPONLY ? 0 : 1); int nullpad = flags & NULLPAD; char **padto; @@ -159,11 +160,13 @@ getfile(void) *ep = blank; else /* store column entry */ *ep = p; + sp = p; while (p < endp && *p != isep) p++; /* find end of entry */ *p = '\0'; /* mark end of entry */ - if (maxlen < p - *ep) /* update maxlen */ - maxlen = p - *ep; + len = p - sp; + if (maxlen < len) /* update maxlen */ + maxlen = len; INCR(ep); /* prepare for next entry */ } irows++; /* update row count */