git: e32d04bed890 - stable/12 - awk: Fix subobject out-of-bounds access
Warner Losh
imp at FreeBSD.org
Sat Jul 10 17:12:57 UTC 2021
The branch stable/12 has been updated by imp:
URL: https://cgit.FreeBSD.org/src/commit/?id=e32d04bed89057c54147db931fa544bb601f48ac
commit e32d04bed89057c54147db931fa544bb601f48ac
Author: Alex Richardson <arichardson at FreeBSD.org>
AuthorDate: 2020-09-21 19:03:07 +0000
Commit: Warner Losh <imp at FreeBSD.org>
CommitDate: 2021-07-10 17:11:15 +0000
awk: Fix subobject out-of-bounds access
When matching a regex with ^, it would attempt to access
gototab[NSTATES][NCHARS+2], and therefore access the state for the \002
character instead. This change is required to run awk under CHERI (with
sub-object bounds) and when running with UBSan instrumentation.
This was committed upstream as https://github.com/onetrueawk/awk/commit/cbf924342b63a095a4c6842280c3085b1b63ae45
Found by: CHERI (with subobject bounds enabled)
Obtained from: CheriBSD
Reviewed By: imp
Differential Revision: https://reviews.freebsd.org/D26509
(cherry picked from commit ae692c42cb46a5e72772070070840b15dd5d6bd8)
---
contrib/one-true-awk/awk.h | 4 +++-
contrib/one-true-awk/b.c | 2 --
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/contrib/one-true-awk/awk.h b/contrib/one-true-awk/awk.h
index b16c2f36f828..31d070aecddc 100644
--- a/contrib/one-true-awk/awk.h
+++ b/contrib/one-true-awk/awk.h
@@ -218,6 +218,8 @@ extern int pairstack[], paircnt;
#define NCHARS (256+3) /* 256 handles 8-bit chars; 128 does 7-bit */
/* watch out in match(), etc. */
#define NSTATES 32
+#define HAT (NCHARS+2) /* matches ^ in regular expr */
+ /* NCHARS is 2**n */
typedef struct rrow {
long ltype; /* long avoids pointer warnings on 64-bit */
@@ -230,7 +232,7 @@ typedef struct rrow {
} rrow;
typedef struct fa {
- uschar gototab[NSTATES][NCHARS];
+ uschar gototab[NSTATES][HAT + 1];
uschar out[NSTATES];
uschar *restr;
int *posns[NSTATES];
diff --git a/contrib/one-true-awk/b.c b/contrib/one-true-awk/b.c
index 4de746fa087f..0cdcf30a972e 100644
--- a/contrib/one-true-awk/b.c
+++ b/contrib/one-true-awk/b.c
@@ -37,8 +37,6 @@ __FBSDID("$FreeBSD$");
#include "awk.h"
#include "ytab.h"
-#define HAT (NCHARS+2) /* matches ^ in regular expr */
- /* NCHARS is 2**n */
#define MAXLIN 22
#define type(v) (v)->nobj /* badly overloaded here */
More information about the dev-commits-src-branches
mailing list