Re: [bug-gawk] Core dump in gawk 4.2.0


From: Andrew J. Schorr
Subject: Re: [bug-gawk] Core dump in gawk 4.2.0
Date: Sun, 10 Dec 2017 12:14:46 -0500
User-agent: Mutt/1.5.21 (2010-09-15)

Oops -- I didn't see your patch before hitting send.  Looks like you're solving
it at the source of the problem, so this is a better solution. On the other
hand -- is it possible for a non-empty internationalized string to translate to
an empty string? If not, might this be a better fix?

diff --git a/awkgram.y b/awkgram.y
index 9f35143..71e2bdb 100644
--- a/awkgram.y
+++ b/awkgram.y
@@ -1722,7 +1722,7 @@ non_post_simp_exp
                                NODE *n = $2->nexti->memory;
                                if ((n->flags & STRING) != 0) {
                                        n->numbr = (AWKNUM) (n->stlen == 0);
-                                       n->flags &= ~(STRCUR|STRING);
+                                       n->flags &= ~(STRCUR|STRING|INTLSTR);
                                        n->flags |= (NUMCUR|NUMBER);
                                        efree(n->stptr);
                                        n->stptr = NULL;
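Review bot: Clearing INTLSTR here only removes the flag after the fold has already decided the result from `n->stlen == 0`, i.e. from the untranslated string's length; that stops the runtime from treating the now-numeric node as a translatable string (stptr is NULL after `efree(n->stptr)`), but the question in the cover note is the real issue: if a non-empty `_"..."` can translate to an empty string, the parse-time fold of `!_"..."` to 0 bakes in an answer the runtime evaluation would not give. Keeping INTLSTR constants out of the `do_optimize` fold condition entirely, rather than folding them and dropping the flag, avoids depending on that assumption.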

Regards,
Andy

On Sun, Dec 10, 2017 at 10:02:35AM -0700, address@hidden wrote:
> Hi.
> 
> Thanks for sending in a bug report.
> 
> Jeremy Feusi <address@hidden> wrote:
> 
> > I am working on a project for school in which I use afl to find bugs in
> > software and I decided to fuzz gawk. In doing so I discovered a segfault
> > in r_interpret(). Running gdb it appears that on line 140 of interpret.h
> > there is an attempt to access a null address.
> > command:
> > gawk '!_""' <file>
> > where <file> is a file containing at least one character.
> >
> > result:
> > gawk: cmd. line:1: (FILENAME=<file> FNR=1) fatal error: internal error
> > Aborted (core dumped)
> >
> > I am using gawk 4.2.0 on arch linux.
> > cheers
> > Jeremy
> 
> The fix is below. I will get it into the Git repo shortly.
> 
> Thanks,
> 
> Arnold
> ---------------------------------------------------------------
> diff --git a/awkgram.y b/awkgram.y
> index 9f35143..bbc598d 100644
> --- a/awkgram.y
> +++ b/awkgram.y
> @@ -1717,7 +1717,7 @@ non_post_simp_exp
>               } else {
>                       if (do_optimize && $2->nexti == $2->lasti
>                                       && $2->nexti->opcode == Op_push_i
> -                                     && ($2->nexti->memory->flags & 
> (MPFN|MPZN)) == 0
> +                                     && ($2->nexti->memory->flags & 
> (MPFN|MPZN|INTLSTR)) == 0
>                       ) {
>                               NODE *n = $2->nexti->memory;
>                               if ((n->flags & STRING) != 0) {
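Review bot: The `-` and `+` lines are wrapped by the mail client (`($2->nexti->memory->flags &` continues on the next line as `(MPFN|MPZN)) == 0`), so the patch as quoted will not apply with `git apply` or `patch`; resending it as an attachment or with wrapping disabled would make it usable from the archive. The change itself is sound: adding INTLSTR to the exclusion mask keeps a `_"..."` operand out of the parse-time fold, so `!_""` is evaluated at runtime on the translated string instead of hitting the freed `stptr` in r_interpret().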
