Page MenuHomeFreeBSD
Differential D39573

awk: avoid walking off end of some invalid format strings
ClosedPublic
Actions

Authored by emaste on Apr 14 2023, 2:51 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Sep 24, 10:57 PM
Unknown Object (File)
Tue, Sep 24, 10:57 PM
Unknown Object (File)
Tue, Sep 24, 10:57 PM
Unknown Object (File)
Tue, Sep 24, 10:57 PM
Unknown Object (File)
Tue, Sep 24, 6:32 PM
Unknown Object (File)
Tue, Sep 24, 6:32 PM
Unknown Object (File)
Sun, Sep 22, 11:39 PM
Unknown Object (File)
Fri, Sep 13, 2:17 AM
View All 49 Files
Subscribers
markj

Details

Reviewers
imp
phk
markj
Group Reviewers
secteam
Commits
rG40399b2a4a8a: awk: errror on printf format strings lacking conversion specifier
rG46529cb99040: awk: errror on printf format strings lacking conversion specifier
rG5dbd073b045c: awk: errror on printf format strings lacking conversion specifier
Summary
This is a minimal change to avoid the invalid memory access; a more
comprehensive change ought to happen upstream.

Reported by:    phk
Sponsored by:   The FreeBSD Foundation

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

emaste requested review of this revision.Apr 14 2023, 2:51 PM
emaste created this revision.
imp added a comment.EditedApr 14 2023, 3:14 PM

I don't understand why you did what you did worked... Perhaps a sentence or two explaining why that's the right place to do this.

Also, what does the test case printf("%#") or %- or other pathology do? Or some other unterminated sequence?

contrib/one-true-awk/run.c
851

Why not have that

if (*(s+1) == '\0') break;

here, either before or after this if.

emaste added inline comments.Apr 14 2023, 3:51 PM
contrib/one-true-awk/run.c
851

That would exit the loop before detecting and reporting the error if the string is just "%", and would not fix the error phk reported for e.g. %1

emaste added a comment.Apr 14 2023, 3:53 PM

I don't understand why you did what you did worked... Perhaps a sentence or two explaining why that's the right place to do this.

This was the simplest way to avoid walking off the end of the string, if we've already consumed everything. I don't think it's the "right" place to do this, it's just the least invasive.

emaste updated this revision to Diff 120329.Apr 14 2023, 3:57 PM

Add a comment about the break condition.

emaste added inline comments.Apr 14 2023, 4:16 PM
contrib/one-true-awk/run.c
861

This s++ is the offending increment, moving s to the \0. But we want to keep the warnings at line 916/921, so we don't want to exit the loop here.

emaste added a reviewer: secteam.Apr 14 2023, 4:24 PM
emaste updated this revision to Diff 120332.Apr 14 2023, 4:36 PM

small improvement: move the \0 check into the offending loop

markj added a subscriber: markj.Apr 14 2023, 4:38 PM
markj added inline comments.
contrib/one-true-awk/run.c
861

Should the order of these checks be reversed? That is, don't you want to know that *s != '\0' before checking whether *(s+1) != '\0'?

emaste added a comment.Apr 14 2023, 4:40 PM

sample output w/ this change:

$ ./a.out 'BEGIN {printf("%3u\n", 123)}'
123

$ ./a.out 'BEGIN {printf("%3u\n")}'
./a.out: not enough args in printf(%3u
)
 source line number 1

 $ ./a.out 'BEGIN {printf("%3\n", 123)}'
./a.out: weird printf conversion %3
 source line number 1
%3123

$ ./a.out 'BEGIN {printf("%")}'
./a.out: weird printf conversion 
 source line number 1
./a.out: not enough args in printf(%)
 source line number 1
emaste added inline comments.Apr 14 2023, 4:50 PM
contrib/one-true-awk/run.c
861

Hmm, yes - I did it in this order because I think we don't want the t++ for the case that we lack the conversion character.

In practice I think it's actually OK (although unintentional) but is indeed confusing. What about

for (t = fmt; *s != '\0' && *(s+1) != '\0'; s++) {
        *t++ = *s;

(I say it's OK because on the first loop iteration *s is not \0 (from line 845), and so it's fine to examine *(s+1) on each pass.)

imp accepted this revision.Apr 14 2023, 4:56 PM

This looks good to me. I'm neutral on order per mark.

This revision is now accepted and ready to land.Apr 14 2023, 4:56 PM
emaste updated this revision to Diff 120334.Apr 14 2023, 5:00 PM

third try: just turn missing conversion specifier into a fatal error

This revision now requires review to proceed.Apr 14 2023, 5:00 PM
emaste added inline comments.Apr 14 2023, 5:03 PM
contrib/one-true-awk/run.c
916

will add break; as well to keep Coverity or other tools happy

imp accepted this revision.Apr 14 2023, 5:10 PM

thanks for making this much better.

This revision is now accepted and ready to land.Apr 14 2023, 5:10 PM
markj accepted this revision as: markj.Apr 14 2023, 5:12 PM

This seems sane.

Closed by commit rG5dbd073b045c: awk: errror on printf format strings lacking conversion specifier (authored by emaste). · Explain WhyApr 14 2023, 5:33 PM
This revision was automatically updated to reflect the committed changes.
emaste added a commit: rG5dbd073b045c: awk: errror on printf format strings lacking conversion specifier.
emaste added a commit: rG46529cb99040: awk: errror on printf format strings lacking conversion specifier.Apr 17 2023, 1:13 PM
emaste added a commit: rG40399b2a4a8a: awk: errror on printf format strings lacking conversion specifier.

Revision Contents
Changeset List

PathSize
contrib/
one-true-awk/
3 lines

Diff 120337

View Options

contrib/one-true-awk/run.c

Loading...