authorBrian Foley2019-01-01 13:40:58 -0800
committerDenys Vlasenko2019-01-21 12:55:49 +0100
commitdac15a10accc6921d1559d254ceed9fe9d092ddf (patch)
tree2c0082d5b5b03df07d26d048c587fdae0a22700c
parent11cb9eeffec0e2575c8722e83de3116f81b61b4f (diff)
awk: Guard pointer chasing when parsing ternary expressions.
Avoids an uninit pointer deref for some malformed ternary exprs. Add a test that would crash in busybox before this fix. Signed-off-by: Brian Foley <bpfoley@google.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--editors/awk.c3
-rwxr-xr-xtestsuite/awk.tests3
2 files changed, 5 insertions, 1 deletions
diff --git a/editors/awk.c b/editors/awk.c
index b6d8cf2..f2b8b13 100644
--- a/editors/awk.c
+++ b/editors/awk.c
@@ -1265,7 +1265,7 @@ static node *parse_expr(uint32_t iexp)
debug_printf_parse("%s(%x)\n", __func__, iexp);
sn.info = PRIMASK;
- sn.r.n = glptr = NULL;
+ sn.r.n = sn.a.n = glptr = NULL;
xtc = TC_OPERAND | TC_UOPPRE | TC_REGEXP | iexp;
while (!((tc = next_token(xtc)) & iexp)) {
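Review bot: The changed line clears only `r.n` and `a.n` of the sentinel `sn`, one member at a time, so any other member that a malformed program can cause to be read would still hold stack garbage. The declaration of `sn` is outside this hunk, so this is hedged: if the struct has further pointer members, zero-initialising the whole object where it is declared (for example `memset(&sn, 0, sizeof(sn));` before `sn.info = PRIMASK;`) would close the class of bug rather than this one instance. At minimum the line deserves a comment stating the invariant the second hunk depends on, such as `/* sn is the sentinel above the root: a.n == NULL marks the top of the chain */`. parse_expr's body starts and ends outside the hunk.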
@@ -1287,6 +1287,7 @@ static node *parse_expr(uint32_t iexp)
|| ((t_info == vn->info) && ((t_info & OPCLSMASK) == OC_COLON))
) {
vn = vn->a.n;
+ if (!vn->a.n) syntax_error(EMSG_UNEXP_TOKEN);
}
if ((t_info & OPCLSMASK) == OC_TERNARY)
t_info += P(6);
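Review bot: The added guard `if (!vn->a.n) syntax_error(EMSG_UNEXP_TOKEN);` is correct only under two conditions that are not stated here. The first is that `sn.a.n` was set to NULL in the earlier hunk. The second is that syntax_error() does not return, which is presumed because its definition is not on this page. Without the first, the test reads an uninitialised pointer; without the second, the loop continues and presumably follows `vn->a.n` again in its condition, which begins above this hunk. I would put the call on its own line and document the intent, e.g. `/* reached the sentinel sn: no enclosing '?' for this ':' */`, so a later refactor of the initialisation does not silently disable the check.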
diff --git a/testsuite/awk.tests b/testsuite/awk.tests
index 3933fef..9f353fc 100755
--- a/testsuite/awk.tests
+++ b/testsuite/awk.tests
@@ -338,6 +338,9 @@ testing "awk continue" \
testing "awk handles invalid for loop" \
"awk '{ for() }' 2>&1" "awk: cmd. line:1: Unexpected token\n" "" ""
+testing "awk handles colon not preceded by ternary" \
+ "awk 'foo:bar:' 2>&1" "awk: cmd. line:1: Unexpected token\n" "" ""
+
# testing "description" "command" "result" "infile" "stdin"
testing 'awk negative field access' \
'awk 2>&1 -- '\''{ $(-1) }'\' \
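Review bot: The new case `awk 'foo:bar:'` exercised an uninitialised pointer before the fix, and such a read does not fail deterministically, so in a plain build the old code may have passed or crashed depending on stack contents. Running this suite under a memory-error detector (ASan/MSan or valgrind) is what makes the test a reliable regression guard, and that is worth stating in a comment above it. The hunk also adds only a rejecting case. If the suite does not already have one, a valid chained ternary that still yields its expected value would confirm that the new syntax_error() path in the climb loop does not fire for well-formed input.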