bin/72370: awk in -current dumps core

Giorgos Keramidas keramida at freebsd.org
Wed Oct 6 03:30:29 PDT 2004


The following reply was made to PR bin/72370; it has been noted by GNATS.

From: Giorgos Keramidas <keramida at freebsd.org>
To: Joseph Koshy <jkoshy at freebsd.org>
Cc: "David O'Brien" <obrien at freebsd.org>, bug-followup at freebsd.org
Subject: Re: bin/72370: awk in -current dumps core
Date: Wed, 6 Oct 2004 13:22:26 +0300

 On 2004-10-06 06:06, Giorgos Keramidas <keramida at freebsd.org> wrote:
 > What you see below:
 > > $ echo | /4/usr/bin/awk '{ x = 2147483647; print $x }'
 > > *blank line*
 > > $ echo | /5/usr/bin/awk '{ x = 2147483648; print $x }'
 > > /5/usr/bin/awk: trying to access field -2147483648
 > > input record number 1, file
 > > source line number 1
 >
 > is a result of the fieldadr() function in lib.c, which does:
 >
 >     378 Cell *fieldadr(int n)   /* get nth field */
 >     379 {
 >     380         if (n < 0)
 >     381                 FATAL("trying to access field %d", n);
 >     382         if (n > nfields)        /* fields after NF are empty */
 >     383                 growfldtab(n);  /* but does not increase NF */
 >     384         return(fldtab[n]);
 >     385 }
 >
 > so negative field numbers are warned about but field numbers greater than the
 > existing fields are silently converted to empty strings.
 
 The overflow shown above can be fixed with this minor patch:
 
 : Index: run.c
 : ===================================================================
 : RCS file: /home/ncvs/src/contrib/one-true-awk/run.c,v
 : retrieving revision 1.1.1.7
 : diff -u -u -r1.1.1.7 run.c
 : --- run.c       8 Feb 2004 21:32:21 -0000       1.1.1.7
 : +++ run.c       6 Oct 2004 10:18:17 -0000
 : @@ -26,6 +26,7 @@
 :  #include <stdio.h>
 :  #include <ctype.h>
 :  #include <setjmp.h>
 : +#include <limits.h>
 :  #include <math.h>
 :  #include <string.h>
 :  #include <stdlib.h>
 : @@ -705,12 +706,16 @@
 :
 :  Cell *indirect(Node **a, int n)        /* $( a[0] ) */
 :  {
 : +       Awkfloat val;
 :         Cell *x;
 :         int m;
 :         char *s;
 :
 :         x = execute(a[0]);
 : -       m = (int) getfval(x);
 : +       val = getfval(x);
 : +       if ((Awkfloat)INT_MAX < val)
 : +               FATAL("trying to access field %s", x->nval);
 : +       m = (int) val;
 :         if (m == 0 && !is_number(s = getsval(x)))       /* suspicion! */
 :                 FATAL("illegal field $(%s), name \"%s\"", s, x->nval);
 :                 /* BUG: can x->nval ever be null??? */
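 Review bot: the new guard `+       if ((Awkfloat)INT_MAX < val)` only covers the upper bound; a value below INT_MIN (or a NaN) still reaches `+       m = (int) val;`, and converting a double outside the int range to int is undefined behaviour in C, so the `n < 0` check in fieldadr() cannot be relied on to catch the result. Suggest extending the condition to `val < (Awkfloat)INT_MIN || val != val` as well. The FATAL message also prints `x->nval`, the cell's name rather than the numeric value, so for the PR's `$x` case it would report "trying to access field x"; printing `val` with `%g` would be more useful, and the existing `/* BUG: can x->nval ever be null??? */` comment two lines down suggests `x->nval` may not be safe to hand to `%s` at all.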
 
 I'm still investigating if something can be done about the other places
 where nawk might start accessing field numbers way beyond the limits of
 INT_MAX.  Its source is fairly complicated for my limited C knowledge
 though, so don't hold your breath.
 
 - Giorgos
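 As an added illustration (not part of the PR or of the awk sources), the unchecked `m = (int) getfval(x)` cast from indirect() next to a hypothetical checked conversion. It goes beyond the patch above by also rejecting NaN and values that would truncate to a negative index, while keeping awk's truncation of fractional field numbers; `awk_field_index` and the `field_conv` enum are names chosen here, not awk's own.

```c
#include <limits.h>
#include <math.h>
#include <stdio.h>

typedef double Awkfloat;  /* the typedef awk uses for its numeric values */

/* Outcome of turning an awk numeric value into a field index (hypothetical). */
enum field_conv { FIELD_OK, FIELD_NEGATIVE, FIELD_TOO_LARGE, FIELD_NAN };

/*
 * Checked replacement for the bare `m = (int) val;` cast: converting a
 * double that is NaN or outside [INT_MIN, INT_MAX] to int is undefined
 * behaviour in C, so the value is classified first and the cast only
 * happens once it is known to fit.  Truncation toward zero is kept so
 * that $3.9 still means $3 and $-0.5 still means $0, as in awk.
 */
enum field_conv awk_field_index(Awkfloat val, int *out)
{
    if (isnan(val))
        return FIELD_NAN;
    /* (Awkfloat)INT_MAX + 1.0 is exact, so 2147483647.5 still truncates to INT_MAX */
    if (val >= (Awkfloat)INT_MAX + 1.0)     /* 2147483648 from the PR lands here */
        return FIELD_TOO_LARGE;
    if (val <= -1.0)                        /* would truncate to a negative index */
        return FIELD_NEGATIVE;
    *out = (int)val;                        /* now guaranteed to be in range */
    return FIELD_OK;
}

static const char *field_conv_name(enum field_conv c)
{
    static const char *names[] = { "ok", "negative", "too large", "nan" };
    return names[c];
}

int main(void)
{
    /* the two values from the PR plus a few constructed edge cases */
    const Awkfloat samples[] = { 2147483647.0, 2147483648.0, -1.0, -0.5, 3.9, 1e300 };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int m = -1;
        enum field_conv c = awk_field_index(samples[i], &m);
        printf("%.1f -> %s", samples[i], field_conv_name(c));
        if (c == FIELD_OK)
            printf(" (field %d)", m);
        putchar('\n');
    }
    return 0;
}
```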
 