> Ralf Wildenhues <Ralf.Wildenhues <at> gmx.de> writes:

Hi Ralf, and thanks for spotting this (the bug is highly dependent on what is 
already on the heap, but I haven't been able to get valgrind to run on cygwin).

> ==8387== Conditional jump or move depends on uninitialised value(s)
> ==8387==    at 0x41F811: quotearg_buffer_restyled (quotearg.c:296)
> ==8387==    by 0x41FD0F: quotearg_n_options (quotearg.c:723)
> ==8387==    by 0x41FDF6: quotearg_n (quotearg.c:743)
> ==8387==    by 0x41FE3C: quotearg (quotearg.c:755)
> ==8387==    by 0x4027CF: m4_verror_at_line (m4.c:121)

Sure enough, I forgot to terminate the array.  Not a problem on the argv_ref
branch (but only because I switched to length-based processing instead of
NUL-termination-based).  Committing this to branch and head.

From: Eric Blake <[EMAIL PROTECTED]>
Date: Wed, 20 Feb 2008 17:02:06 -0700
Subject: [PATCH] Fix out-of-bounds read for sanitized macro names, from 2008-02-06.

* src/m4.c (m4_verror_at_line): Properly terminate the string.
Reported by Ralf Wildenhues.

Signed-off-by: Eric Blake <[EMAIL PROTECTED]>
---
 ChangeLog |    6 ++++++
 src/m4.c  |    1 +
 2 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 62b78a9..0f4e496 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2008-02-21  Eric Blake  <[EMAIL PROTECTED]>
+
+       Fix out-of-bounds read for sanitized macro names, from 2008-02-06.
+       * src/m4.c (m4_verror_at_line): Properly terminate the string.
+       Reported by Ralf Wildenhues.
+
 2008-02-19  Eric Blake  <[EMAIL PROTECTED]>
 
        Clean up foreach example.
diff --git a/src/m4.c b/src/m4.c
index a6bc92a..af4991f 100644
--- a/src/m4.c
+++ b/src/m4.c
@@ -113,6 +113,7 @@ m4_verror_at_line (bool warn, int status, int errnum, const 
char *file,
          *p++ = *macro++;
        }
       while (*macro);
+      *p = '\0';
     }
   /* Prepend warning and the macro name, as needed.  But if that fails
      for non-memory reasons (unlikely), then still use the original
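Review bot: the added `*p = '\0';` after the do/while loop stores one byte beyond the last character the loop copies, and the allocation of the buffer that `p` walks is not visible in this hunk. Please confirm that the allocation reserves room for the terminator on top of the longest output the loop can produce; otherwise the fix trades the uninitialised read in quotearg for a one-byte write past the end of the buffer. The diffstat shows only ChangeLog and src/m4.c changing, and since the original failure depends on what is already on the heap, a regression test that sends a sanitized macro name through m4_verror_at_line under a memory checker would keep this from silently returning.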
-- 
1.5.4





_______________________________________________
Bug-m4 mailing list
[EMAIL PROTECTED]
http://lists.gnu.org/mailman/listinfo/bug-m4



_______________________________________________
M4-patches mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/m4-patches
