From: Andrew J. Schorr
Subject: [gawk-diffs] [SCM] gawk branch, feature/stringfix, updated. gawk-4.1.0-2422-ge8c6871
Date: Fri, 27 Jan 2017 02:36:23 +0000 (UTC)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "gawk".

The branch, feature/stringfix has been updated
       via  e8c6871e80524e928954b01ff50030a11b2a94eb (commit)
      from  4786c70e08d1856348d1417b863f10861d830d7b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.sv.gnu.org/cgit/gawk.git/commit/?id=e8c6871e80524e928954b01ff50030a11b2a94eb

commit e8c6871e80524e928954b01ff50030a11b2a94eb
Author: Andrew J. Schorr <address@hidden>
Date:   Thu Jan 26 21:36:00 2017 -0500

    Terminate strings in dcgettext, dcngettext, and bindtextdomain functions.

diff --git a/ChangeLog b/ChangeLog
index 3c3fdca..dc31173 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,14 @@
 2017-01-26         Andrew J. Schorr     <address@hidden>
 
+       * builtin.c (do_dcgettext): First argument also needs protection
+       from string overrun.
+       (do_dcngettext): Need to terminate string1 and string2 also,
+       and replace strlen(the_result), which could overrun.
+       (do_bindtextdomain): Terminate both string args, and eliminate
+       saved_end boolean which is redundant with (t2 != NULL).
+
+2017-01-26         Andrew J. Schorr     <address@hidden>
+
        * interpret.h (Op_arrayfor_init): Protect against string overrun
        on sorting method.
        (Op_indirect_func_call): Terminate function name.
diff --git a/builtin.c b/builtin.c
index 32062d0..faee54e 100644
--- a/builtin.c
+++ b/builtin.c
@@ -3751,7 +3751,7 @@ do_dcgettext(int nargs)
 #if ENABLE_NLS && defined(LC_MESSAGES) && HAVE_DCGETTEXT
        int lc_cat;
        char *domain;
-       char save;
+       char save, save1;
        bool saved_end = false;
 
        if (nargs == 3) {       /* third argument */
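
Review bot: `save1` is declared on the `char save, save1;` line, which sits after `#if ENABLE_NLS && defined(LC_MESSAGES) && HAVE_DCGETTEXT`, but the next hunk assigns `save1 = string[t1->stlen];` ahead of a second `#if` with the same condition. If the first conditional block is closed before `t1 = POP_STRING();`, a build without NLS has no declaration for `save1`. Declare it outside the conditional, or move the terminate step inside it.
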
@@ -3782,9 +3782,12 @@ do_dcgettext(int nargs)
 
        t1 = POP_STRING();      /* first argument */
        string = t1->stptr;
+       save1 = string[t1->stlen];
+       string[t1->stlen] = '\0';
 
 #if ENABLE_NLS && defined(LC_MESSAGES) && HAVE_DCGETTEXT
        the_result = dcgettext(domain, string, lc_cat);
+       string[t1->stlen] = save1;
        if (saved_end)
                domain[t2->stlen] = save;
        if (t2 != NULL)
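
Review bot: the terminate at `string[t1->stlen] = '\0';` runs before the `#if`, while the restore `string[t1->stlen] = save1;` is inside it, so a build that skips this block leaves the caller's buffer modified; keep both on the same side of the conditional. Also, dcgettext returns its msgid argument when no translation is found, so once the byte is restored the_result may no longer be NUL-terminated. If the length is taken later with strlen(the_result), capture it before the restore, as do_dcngettext now does with reslen.
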
@@ -3805,11 +3808,12 @@ do_dcngettext(int nargs)
        unsigned long number;
        AWKNUM d;
        char *the_result;
+       size_t reslen;
 
 #if ENABLE_NLS && defined(LC_MESSAGES) && HAVE_DCGETTEXT
        int lc_cat;
        char *domain;
-       char save;
+       char save, save1, save2;
        bool saved_end = false;
 
        if (nargs == 5) {       /* fifth argument */
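
Review bot: `bool saved_end = false;` is kept here in do_dcngettext (and in do_dcgettext), although the ChangeLog entry drops it from do_bindtextdomain as redundant with the pointer test. The later `if (saved_end)` / `if (t3 != NULL)` pair could be folded into one block the same way, so all three functions follow one pattern.
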
@@ -3851,17 +3855,31 @@ do_dcngettext(int nargs)
 
 #if ENABLE_NLS && defined(LC_MESSAGES) && HAVE_DCGETTEXT
 
+       save1 = string1[t1->stlen];
+       string1[t1->stlen] = '\0';
+       save2 = string2[t2->stlen];
+       string2[t2->stlen] = '\0';
        the_result = dcngettext(domain, string1, string2, number, lc_cat);
+       reslen = strlen(the_result);
+       string1[t1->stlen] = save1;
+       string2[t2->stlen] = save2;
        if (saved_end)
                domain[t3->stlen] = save;
        if (t3 != NULL)
                DEREF(t3);
 #else
-       the_result = (number == 1 ? string1 : string2);
+       if (number == 1) {
+               the_result = string1;
+               reslen = t1->stlen;
+       }
+       else {
+               the_result = string2;
+               reslen = t2->stlen;
+       }
 #endif
        DEREF(t1);
        DEREF(t2);
-       return make_string(the_result, strlen(the_result));
+       return make_string(the_result, reslen);
 }
 
 /* do_bindtextdomain --- set the directory for a text domain */
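
Review bot: the restores at `string1[t1->stlen] = save1;` and `string2[t2->stlen] = save2;` run in the same order as the saves. If both arguments can refer to the same buffer, save2 captures the '\0' just written and the final store leaves that byte as '\0' instead of the original; restoring in reverse order (string2 first, then string1) avoids this. Separately, the_result can point into string1 or string2 (always so in the #else branch), and make_string(the_result, reslen) is called after DEREF(t1) and DEREF(t2); if DEREF can release the buffer, build the result before dropping the references.
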
@@ -3886,29 +3904,32 @@ do_bindtextdomain(int nargs)
        /* set defaults */
        directory = NULL;
        domain = TEXTDOMAIN;
-       char save;
-       bool saved_end = false;
+       char save, save1;
 
        if (nargs == 2) {       /* second argument */
                t2 = POP_STRING();
                domain = (const char *) t2->stptr;
                save = t2->stptr[t2->stlen];
                t2->stptr[t2->stlen] = '\0';
-               saved_end = true;
        }
 
        /* first argument */
        t1 = POP_STRING();
-       if (t1->stlen > 0)
+       if (t1->stlen > 0) {
                directory = (const char *) t1->stptr;
+               save1 = t1->stptr[t1->stlen];
+               t1->stptr[t1->stlen] = '\0';
+       }
 
        the_result = bindtextdomain(domain, directory);
+       if (directory)
+               t1->stptr[t1->stlen] = save1;
 
        DEREF(t1);
-       if (saved_end)
+       if (t2 != NULL) {
                t2->stptr[t2->stlen] = save;
-       if (t2 != NULL)
                DEREF(t2);
+       }
 
        return make_string(the_result, strlen(the_result));
 }
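
Review bot: `save1` is assigned only under `if (t1->stlen > 0)` but restored under `if (directory)`; the two conditions agree today, yet the indirection is easy to break and can draw a maybe-uninitialized warning. Test the same condition in both places or initialize save1. The unchanged `return make_string(the_result, strlen(the_result));` also assumes bindtextdomain never returns NULL, which it does on allocation failure; a check before strlen would be worth adding.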

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog |    9 +++++++++
 builtin.c |   41 +++++++++++++++++++++++++++++++----------
 2 files changed, 40 insertions(+), 10 deletions(-)


hooks/post-receive
-- 
gawk


