[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gawk-diffs] [SCM] gawk branch, feature/stringfix, updated. gawk-4.1.0-2
|
From: |
Andrew J. Schorr |
|
Subject: |
[gawk-diffs] [SCM] gawk branch, feature/stringfix, updated. gawk-4.1.0-2419-g901fa6e |
|
Date: |
Fri, 27 Jan 2017 01:30:31 +0000 (UTC) |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "gawk".
The branch, feature/stringfix has been updated
via 901fa6ebd5e5fd165f4ad57180e96bd2251d2c04 (commit)
from e1bfc3a49d45024f84f489ac6a7ebcd505ec203a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://git.sv.gnu.org/cgit/gawk.git/commit/?id=901fa6ebd5e5fd165f4ad57180e96bd2251d2c04
commit 901fa6ebd5e5fd165f4ad57180e96bd2251d2c04
Author: Andrew J. Schorr <address@hidden>
Date: Thu Jan 26 20:30:01 2017 -0500
Fix possible string overrun in node.c:is_hex.
diff --git a/ChangeLog b/ChangeLog
index eaecc5c..a1bfc3a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
2017-01-26 Andrew J. Schorr <address@hidden>
+ * node.c (is_hex): Add a new argument pointing to the end of the string
+ so we can check for string overrun.
+ (r_force_number): Pass string end to is_hex.
+
+2017-01-26 Andrew J. Schorr <address@hidden>
+
* awk.h (get_numbase): Add string length argument so we can operate
on unterminated strings.
* awkgram.y: Call get_numbase with string length, and fix off-by-one
diff --git a/node.c b/node.c
index abeadc3..962a650 100644
--- a/node.c
+++ b/node.c
@@ -41,12 +41,13 @@ int (*cmp_numbers)(const NODE *, const NODE *) =
cmp_awknums;
/* is_hex --- return true if a string looks like a hex value */
static bool
-is_hex(const char *str)
+is_hex(const char *str, const char *cpend)
{
+ /* on entry, we know the string length is >= 1 */
if (*str == '-' || *str == '+')
str++;
- if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
+ if (str + 1 < cpend && str[0] == '0' && (str[1] == 'x' || str[1] ==
'X'))
return true;
return false;
@@ -113,7 +114,7 @@ r_force_number(NODE *n)
if ( (! do_posix /* not POSIXLY paranoid and */
&& (is_alpha((unsigned char) *cp) /* letter, or */
/* CANNOT do non-decimal and saw 0x */
- || (! do_non_decimal_data && is_hex(cp))))) {
+ || (! do_non_decimal_data && is_hex(cp, cpend))))) {
goto badnum;
}
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 6 ++++++
node.c | 7 ++++---
2 files changed, 10 insertions(+), 3 deletions(-)
hooks/post-receive
--
gawk
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [gawk-diffs] [SCM] gawk branch, feature/stringfix, updated. gawk-4.1.0-2419-g901fa6e,
Andrew J. Schorr <=