bin/99985: make(1) crashes with invalid continuation lines
Nate Eldredge
nge at cs.hmc.edu
Wed Aug 2 01:50:33 UTC 2006
The following reply was made to PR bin/99985; it has been noted by GNATS.
From: Nate Eldredge <nge at cs.hmc.edu>
To: bug-followup at FreeBSD.org, ltsampros at upnet.gr
Cc:
Subject: Re: bin/99985: make(1) crashes with invalid continuation lines
Date: Tue, 1 Aug 2006 18:49:49 -0700 (PDT)
Well, here is a patch which fixes this bug. Though I'm a little confused
as to the behavior of the code anyway.

In brk_string in str.c, if expand == 0, a backslash causes itself and the
following character to be copied to the output, without processing. If
the following character is the terminating null, then it won't be noticed,
and we'll march happily beyond the end of the string (and maybe crash, or
maybe not). So this patch fixes that. However, the behavior seems odd in
general. For instance, as it stands the string "foo\ bar" is a single
argument, whereas "foo/ bar" is two args: {"foo/", "bar"}. I don't
understand what the correct semantics should be.

Note the bug has been present since revision 1.3, which apparently was
imported from NetBSD for FreeBSD 2.0.5, back in 1995. In May 2005 we
imported a version from DragonFlyBSD by Max Okumoto, who largely rewrote
the function, keeping the bug intact!

--- /usr/src/usr.bin/make/str.c Mon May 23 06:27:52 2005
+++ str.c Tue Aug 1 18:25:34 2006
@@ -260,8 +260,14 @@
}
} else {
*arg++ = str[0];
- ++str;
- *arg++ = str[0];
+ /*
+ * FIXME: Why does a backslash protect
+ * the next character even with expand=0 ?
+ */
+ if (str[1]) {
+ ++str;
+ *arg++ = str[0];
+ }
}
break;
default:
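Review bot: the comment added above `if (str[1])` records an open question ("Why does a backslash protect the next character even with expand=0 ?") but not the reason for the guard, which is the actual fix. Suggest a comment stating the invariant instead, for example that a backslash at the end of the string is copied alone so that `++str` never steps onto the terminating NUL, and keeping the semantics question in the PR discussion. With the guard in place a trailing backslash is copied into `arg` silently, so it is worth deciding whether an invalid continuation line should produce a diagnostic rather than an argument ending in a backslash. The branch before `} else {` is not visible in this hunk; please confirm it also handles a backslash followed by NUL. A minor style point: `if (str[1] != '\0')` states the intent more clearly than `if (str[1])`.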
--
Nate Eldredge
nge at cs.hmc.edu
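
A simplified model of the expand == 0 copy loop described in the message above, added here as an example; it is not code from the original post or from FreeBSD's str.c, and `split_noexpand` and its parameters are hypothetical. It carries the `str[1]` guard from the patch and reproduces the semantics the message notes: an escaped blank stays inside one argument, and a trailing backslash is copied alone without reading past the terminating NUL.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * Simplified model (an assumption, not FreeBSD's brk_string): split str on
 * whitespace with expand == 0 semantics, so a backslash and the character
 * after it are copied verbatim. buf must hold strlen(str) + 1 bytes;
 * argv[] receives up to max pointers into buf. Returns the count.
 */
static int
split_noexpand(const char *str, char *buf, char **argv, int max)
{
	char *arg = buf, *start = buf;
	int argc = 0;
	for (;; ++str) {
		if (*str == '\0' || isspace((unsigned char)*str)) {
			if (arg != start) {
				if (argc == max)
					break;	/* table full: drop the rest */
				*arg++ = '\0';
				argv[argc++] = start;
				start = arg;
			}
			if (*str == '\0')
				break;
		} else if (*str == '\\') {
			*arg++ = str[0];
			/* The guard: never step onto the terminating NUL. */
			if (str[1] != '\0')
				*arg++ = *++str;
		} else
			*arg++ = *str;
	}
	return (argc);
}

int
main(void)
{
	/* Constructed inputs: escaped blank, plain blank, trailing backslash. */
	const char *in[] = { "foo\\ bar", "foo/ bar", "cc -o x \\" };
	char buf[32], *argv[8];
	for (int i = 0; i < 3; i++) {
		int n = split_noexpand(in[i], buf, argv, 8);
		printf("%-10s -> %d arg(s), last \"%s\"\n", in[i], n, argv[n - 1]);
	}
	return (0);
}
```

Without the `str[1]` check, the third input would copy the NUL as the "protected" character and the loop increment would then move `str` beyond the end of the string, which is the over-read the patch removes.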