[Bug 214973] bmake segfault on parenthesized variables.
bugzilla-noreply at freebsd.org
Thu Dec 1 04:27:40 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214973
Bug ID: 214973
Summary: bmake segfault on parenthesized variables.
Product: Base System
Version: 11.0-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: ori at eigenstate.org
Created attachment 177565
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=177565&action=edit
Fixes segfault in bmake. Possibly sketchy.
Turns out that I can trivially segfault make with this input:
(FOO)=val
This happens because in /usr/src/contrib/bmake/parse.c:1862 or
so, we start off with:
for (depth = 0, cp = line + 1; depth > 0 || *cp != '='; cp++) {
which skips over the opening '(', meaning that when we see the closing ')',
the depth becomes negative, and we never break out of the loop, eventually
reading outside of mapped memory.
Starting off with 'cp = line', as in the attached patch, seems to work,
although I'm a bit suspicious about it breaking some subtle case when
parsing variables.
Still, I tested by:
cd /usr/src/usr.bin/bmake; make; make install
cd /usr/src/lib/libc; make clean; make
Seems to work. 'make world' is running now.
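Added example, not from the report or from bmake itself: a simplified C model of the depth-tracking scan quoted above, with the end-of-string check the quoted loop lacks, so the effect of the `line + 1` starting point can be observed without the scan reading outside the buffer. The names `scan_for_assign`, `scan_skipping_first` and `scan_from_start` are chosen here and do not exist in bmake.

```c
#include <stddef.h>
#include <stdio.h>

/* Where the scan stopped and the paren depth it had at that point. */
struct scan_result {
    int stop;   /* index of the '=' the scan stopped at, or -1 if the string ended first */
    int depth;  /* '(' '{' count up, ')' '}' count down */
};

/* Model (constructed here, not bmake's code) of the loop the report quotes:
 * advance until a '=' is seen while depth is not positive. Unlike the quoted
 * loop, this stops at the terminating NUL instead of running past it. */
static struct scan_result scan_for_assign(const char *line, size_t start)
{
    struct scan_result r = { -1, 0 };
    size_t i;

    for (i = 0; i < start; i++)     /* never start past the end of the string */
        if (line[i] == '\0')
            return r;

    const char *cp = line + start;
    for (; r.depth > 0 || *cp != '='; cp++) {
        if (*cp == '\0')            /* bound the quoted loop does not have */
            return r;
        if (*cp == '(' || *cp == '{')
            r.depth++;
        else if (*cp == ')' || *cp == '}')
            r.depth--;
    }
    r.stop = (int)(cp - line);
    return r;
}

/* Start one past the first character, as the quoted `cp = line + 1` does. */
struct scan_result scan_skipping_first(const char *line) { return scan_for_assign(line, 1); }
/* Start at the first character, as the attached patch proposes. */
struct scan_result scan_from_start(const char *line) { return scan_for_assign(line, 0); }

int main(void)
{
    const char *input = "(FOO)=val";    /* the report's crashing input */
    struct scan_result a = scan_skipping_first(input);
    struct scan_result b = scan_from_start(input);
    /* skipping the '(' leaves depth at -1 when '=' is reached; counting it gives 0 */
    printf("skip first: stop=%d depth=%d\n", a.stop, a.depth);
    printf("from start: stop=%d depth=%d\n", b.stop, b.depth);
    return 0;
}
```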