Package: gawk
Version: 1:4.1.1+dfsg-1
Severity: important

Dear Maintainer,

The following wonderful program causes an immediate segfault in the 
parse-process of gawk:

        for (i = ) in foo bar baz

For example:

        shelob ~ $ cat t.gawk 
        for (i = ) in foo bar baz
        shelob ~ $ gawk -f t.gawk
        gawk: t.gawk:1: for (i = ) in foo bar baz
        gawk: t.gawk:1: ^ syntax error
        gawk: t.gawk:1: for (i = ) in foo bar baz
        gawk: t.gawk:1:          ^ syntax error
        gawk: t.gawk:1: fatal error: internal error: segfault
        Aborted

This error comes from a NULL-pointer dereference in awkgram.y, around line 
1350:

        if ($1->lasti->opcode == Op_concat) {
            /* multiple (> 2) adjacent strings optimization */


The following patch turns this into an immediate exit, rather than dereference
of $1->lasti (which is NULL):


--- /home/skx/gawk-4.1.1+dfsg/awkgram.y 2014-03-05 06:00:36.000000000 +0200
+++ awkgram.y   2016-02-29 13:50:43.239771376 +0200
@@ -1343,6 +1343,10 @@
        int count = 2;
        bool is_simple_var = false;
 
+                if ( ( $1 == NULL ) || ($1->lasti == NULL ) ) {
+                        yyerror("Fatal error");
+                        YYABORT;
+                }
        if ($1->lasti->opcode == Op_concat) {
            /* multiple (> 2) adjacent strings optimization */
            is_simple_var = ($1->lasti->concat_flag & CSVAR);
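
Review bot: The message in the added guard, yyerror("Fatal error"), gives the user no more information than the two "syntax error" lines already printed for this input, and nothing in the hunk records why $1 or $1->lasti can be NULL at this point. Suggest a short comment above the check saying that the operand can be empty after an earlier syntax error, and either a more specific message or no second message at all before YYABORT. The four added lines are also indented deeper than the surrounding context, and the spacing inside the parentheses ("( ( $1 == NULL ) || ...") differs from the "if ($1->lasti->opcode == Op_concat)" line directly below; matching the file's existing style would keep the diff minimal.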




-- System Information:
Debian Release: 8.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gawk depends on:
ii  libc6         2.19-18+deb8u3
ii  libgmp10      2:6.0.0+dfsg-6
ii  libmpfr4      3.1.2-2
ii  libreadline6  6.3-8+b3
ii  libsigsegv2   2.10-4+b1

gawk recommends no packages.

Versions of packages gawk suggests:
pn  gawk-doc  <none>

-- no debconf information
