diff options
author | Brian Foley | 2019-01-01 13:40:58 -0800 |
---|---|---|
committer | Denys Vlasenko | 2019-01-21 12:55:49 +0100 |
commit | dac15a10accc6921d1559d254ceed9fe9d092ddf (patch) | |
tree | 2c0082d5b5b03df07d26d048c587fdae0a22700c | |
parent | 11cb9eeffec0e2575c8722e83de3116f81b61b4f (diff) | |
download | busybox-dac15a10accc6921d1559d254ceed9fe9d092ddf.zip busybox-dac15a10accc6921d1559d254ceed9fe9d092ddf.tar.gz |
awk: Guard pointer chasing when parsing ternary expressions.
Avoids an uninit pointer deref for some malformed ternary exprs.
Add a test that would crash in busybox before this fix.
Signed-off-by: Brian Foley <bpfoley@google.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r-- | editors/awk.c | 3 | ||||
-rwxr-xr-x | testsuite/awk.tests | 3 |
2 files changed, 5 insertions, 1 deletions
diff --git a/editors/awk.c b/editors/awk.c index b6d8cf2..f2b8b13 100644 --- a/editors/awk.c +++ b/editors/awk.c @@ -1265,7 +1265,7 @@ static node *parse_expr(uint32_t iexp) debug_printf_parse("%s(%x)\n", __func__, iexp); sn.info = PRIMASK; - sn.r.n = glptr = NULL; + sn.r.n = sn.a.n = glptr = NULL; xtc = TC_OPERAND | TC_UOPPRE | TC_REGEXP | iexp; while (!((tc = next_token(xtc)) & iexp)) { @@ -1287,6 +1287,7 @@ static node *parse_expr(uint32_t iexp) || ((t_info == vn->info) && ((t_info & OPCLSMASK) == OC_COLON)) ) { vn = vn->a.n; + if (!vn->a.n) syntax_error(EMSG_UNEXP_TOKEN); } if ((t_info & OPCLSMASK) == OC_TERNARY) t_info += P(6); diff --git a/testsuite/awk.tests b/testsuite/awk.tests index 3933fef..9f353fc 100755 --- a/testsuite/awk.tests +++ b/testsuite/awk.tests @@ -338,6 +338,9 @@ testing "awk continue" \ testing "awk handles invalid for loop" \ "awk '{ for() }' 2>&1" "awk: cmd. line:1: Unexpected token\n" "" "" +testing "awk handles colon not preceded by ternary" \ + "awk 'foo:bar:' 2>&1" "awk: cmd. line:1: Unexpected token\n" "" "" + # testing "description" "command" "result" "infile" "stdin" testing 'awk negative field access' \ 'awk 2>&1 -- '\''{ $(-1) }'\' \ |