bin/72370: awk in -current dumps core
Giorgos Keramidas
keramida at freebsd.org
Wed Oct 6 03:30:29 PDT 2004
The following reply was made to PR bin/72370; it has been noted by GNATS.
From: Giorgos Keramidas <keramida at freebsd.org>
To: Joseph Koshy <jkoshy at freebsd.org>
Cc: "David O'Brien" <obrien at freebsd.org>, bug-followup at freebsd.org
Subject: Re: bin/72370: awk in -current dumps core
Date: Wed, 6 Oct 2004 13:22:26 +0300
On 2004-10-06 06:06, Giorgos Keramidas <keramida at freebsd.org> wrote:
> What you see below:
> > $ echo | /4/usr/bin/awk '{ x = 2147483647; print $x }'
> > *blank line*
> > $ echo | /5/usr/bin/awk '{ x = 2147483648; print $x }'
> > /5/usr/bin/awk: trying to access field -2147483648
> > input record number 1, file
> > source line number 1
>
> is a result of the fieldadr() function in lib.c, which does:
>
> Cell *fieldadr(int n)	/* get nth field */
> {
> 	if (n < 0)
> 		FATAL("trying to access field %d", n);
> 	if (n > nfields)	/* fields after NF are empty */
> 		growfldtab(n);	/* but does not increase NF */
> 	return(fldtab[n]);
> }
>
> so negative field numbers are warned about but field numbers greater than the
> existing fields are silently converted to empty strings.
The overflow shown above can be fixed with this minor patch:
: Index: run.c
: ===================================================================
: RCS file: /home/ncvs/src/contrib/one-true-awk/run.c,v
: retrieving revision 1.1.1.7
: diff -u -u -r1.1.1.7 run.c
: --- run.c 8 Feb 2004 21:32:21 -0000 1.1.1.7
: +++ run.c 6 Oct 2004 10:18:17 -0000
: @@ -26,6 +26,7 @@
: #include <stdio.h>
: #include <ctype.h>
: #include <setjmp.h>
: +#include <limits.h>
: #include <math.h>
: #include <string.h>
: #include <stdlib.h>
: @@ -705,12 +706,16 @@
:
: Cell *indirect(Node **a, int n) /* $( a[0] ) */
: {
: + Awkfloat val;
: Cell *x;
: int m;
: char *s;
:
: x = execute(a[0]);
: - m = (int) getfval(x);
: + val = getfval(x);
: + if ((Awkfloat)INT_MAX < val)
: + FATAL("trying to access field %s", x->nval);
: + m = (int) val;
: if (m == 0 && !is_number(s = getsval(x))) /* suspicion! */
: FATAL("illegal field $(%s), name \"%s\"", s, x->nval);
: /* BUG: can x->nval ever be null??? */
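Review bot: the new test in indirect(), "if ((Awkfloat)INT_MAX < val)", bounds val only from above, so a value below INT_MIN or a NaN still reaches "m = (int) val" and the cast is out of range in the same way. Consider rejecting those cases before the cast as well. The added FATAL also passes x->nval to %s, while the existing comment a few lines further down asks whether x->nval can ever be null; printing val itself with a floating-point format would avoid depending on that.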
I'm still investigating if something can be done about the other places
where nawk might start accessing field numbers way beyond the limits of
INT_MAX. Its source is fairly complicated for my limited C knowledge
though, so don't hold your breath.
- Giorgos
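The following C sketch is an added example, not part of the original message or of the awk sources. It shows a field-index conversion that checks the range on the floating-point value before casting, as the patch does, and extends the check to NaN and to values of -1 or lower. The helper field_index(), the enum field_status and the definition of Awkfloat as double are assumptions made for illustration.

```c
#include <limits.h>
#include <math.h>
#include <stdio.h>

typedef double Awkfloat;	/* assumption: awk's numeric type is a double */

enum field_status { FIELD_OK, FIELD_NAN, FIELD_NEGATIVE, FIELD_TOO_LARGE };

/*
 * Hypothetical helper (not in the awk sources): turn a numeric value into
 * a field index.  Every range check is done on the floating-point value,
 * because casting an out-of-range double to int is undefined behaviour.
 */
enum field_status
field_index(Awkfloat val, int *out)
{
	if (isnan(val))
		return FIELD_NAN;
	if (val <= -1.0)		/* (int)-0.5 is 0, so only <= -1 is negative */
		return FIELD_NEGATIVE;
	if (val >= (Awkfloat)INT_MAX + 1.0)	/* also catches +infinity */
		return FIELD_TOO_LARGE;
	*out = (int)val;		/* in range: truncates toward zero */
	return FIELD_OK;
}

int
main(void)
{
	/* Constructed inputs; the first two are the values from the report. */
	const Awkfloat samples[] = {
		2147483647.0, 2147483648.0, -1.0, -0.5, NAN, INFINITY
	};
	const char *names[] = { "ok", "NaN", "negative", "too large" };
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int m = -1;
		enum field_status st = field_index(samples[i], &m);

		printf("%-12g -> %s", samples[i], names[st]);
		if (st == FIELD_OK)
			printf(" (field %d)", m);
		printf("\n");
	}
	return 0;
}
```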