Module Name: src
Committed By: rillig
Date: Sun Oct 4 11:58:57 UTC 2020
Modified Files:
src/usr.bin/make: parse.c
Log Message:
make(1): fix out-of-bounds memory access in Parse_DoVar
When a line starts with "=value", this is interpreted as a variable
assignment, with an empty variable name. In that case, there is no
"previous character" from the '='. Accessing that character therefore
was an out-of-bounds read access.
If a whole file starts with "=value", instead of just a single line,
this out-of-bounds access can actually lead to a segmentation fault.
This depends on the memory allocator though.
To generate a diff of this commit:
cvs rdiff -u -r1.350 -r1.351 src/usr.bin/make/parse.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.bin/make/parse.c
diff -u src/usr.bin/make/parse.c:1.350 src/usr.bin/make/parse.c:1.351
--- src/usr.bin/make/parse.c:1.350 Sun Oct 4 10:35:25 2020
+++ src/usr.bin/make/parse.c Sun Oct 4 11:58:57 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: parse.c,v 1.350 2020/10/04 10:35:25 rillig Exp $ */
+/* $NetBSD: parse.c,v 1.351 2020/10/04 11:58:57 rillig Exp $ */
/*
* Copyright (c) 1988, 1989, 1990, 1993
@@ -131,7 +131,7 @@
#include "pathnames.h"
/* "@(#)parse.c 8.3 (Berkeley) 3/19/94" */
-MAKE_RCSID("$NetBSD: parse.c,v 1.350 2020/10/04 10:35:25 rillig Exp $");
+MAKE_RCSID("$NetBSD: parse.c,v 1.351 2020/10/04 11:58:57 rillig Exp $");
/* types and constants */
@@ -1790,7 +1790,7 @@ Parse_DoVar(char *line, GNode *ctxt)
*cp = '\0';
}
}
- opc = cp-1; /* operator is the previous character */
+ opc = cp > line ? cp - 1 : cp; /* operator is the previous character */
*cp++ = '\0'; /* nuke the = */
/*
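Review bot: on the changed `opc = cp > line ? cp - 1 : cp;` line, the trailing comment "operator is the previous character" is no longer true in the new `cp == line` case. There `opc` points at the '=' itself, and the next line, `*cp++ = '\0';`, overwrites that byte, so `opc` is left pointing at a NUL. Suggest rewording the comment to spell out the empty-variable-name case, and confirming that the code after this hunk that reads `*opc` treats a NUL as a plain '=' assignment. Since the log message says the crash depends on the memory allocator, a regression test whose makefile begins with "=value" would keep this from silently coming back.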