I reported this bug upstream as well and they immediately suggested a
potential fix:

Index: ChangeLog
===================================================================
RCS file: /d/mongo/cvsrep/gawk-stable/ChangeLog,v
retrieving revision 1.101
diff -u -r1.101 ChangeLog
--- ChangeLog   16 Apr 2009 20:02:25 -0000      1.101
+++ ChangeLog   22 Apr 2009 04:43:41 -0000
@@ -1,3 +1,11 @@
+Wed Apr 22 07:42:05 2009  Arnold D. Robbins  <arn...@skeeve.com>
+
+       * builtin.c (sub_common): In code for handling \<dig> replacements,
+       first make sure that <dig> is within the range of parentheses sets
+       given, and then make sure that the subpattern start is not -1, meaning
+       that something actually matched. Thanks to  Martin Olsson
+       <mn...@minimum.se> for the bug report.
+
 Thu Apr 16 22:59:32 2009  Arnold D. Robbins  <arn...@skeeve.com>
 
        * eval.c (func_call): Save nloops_active; if after function returns
Index: builtin.c
===================================================================
RCS file: /d/mongo/cvsrep/gawk-stable/builtin.c,v
retrieving revision 1.31
diff -u -r1.31 builtin.c
--- builtin.c   27 Mar 2009 08:01:13 -0000      1.31
+++ builtin.c   22 Apr 2009 04:40:15 -0000
@@ -2544,15 +2544,17 @@
                                        if (backdigs) { /* gensub, behave 
sanely */
                                                if (ISDIGIT(scan[1])) {
                                                        int dig = scan[1] - '0';
-                                                       char *start, *end;
+                                                       if (dig < 
NUMSUBPATS(rp, t->stptr) && SUBPATSTART(rp, tp->stptr, dig) != -1) {
+                                                               char *start, 
*end;
                
-                                                       start = t->stptr
-                                                             + SUBPATSTART(rp, 
t->stptr, dig);
-                                                       end = t->stptr
-                                                             + SUBPATEND(rp, 
t->stptr, dig);
-               
-                                                       for (cp = start; cp < 
end; cp++)
-                                                               *bp++ = *cp;
+                                                               start = t->stptr
+                                                                     + 
SUBPATSTART(rp, t->stptr, dig);
+                                                               end = t->stptr
+                                                                     + 
SUBPATEND(rp, t->stptr, dig);
+
+                                                               for (cp = 
start; cp < end; cp++)
+                                                                       *bp++ = 
*cp;
+                                                       }
                                                        scan++;
                                                } else  /* \q for any q --> q */
                                                        *bp++ = *++scan;
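Review bot: the new guard mixes two variable names: it reads `NUMSUBPATS(rp, t->stptr)` but `SUBPATSTART(rp, tp->stptr, dig)`, while every other reference in this hunk, including the `start`/`end` assignments immediately below it, uses `t->stptr`. Nothing in the hunk declares or otherwise uses `tp`, so this looks like a typo that only compiles if SUBPATSTART discards its string argument; it should be `t->stptr` either way. A secondary point: when either half of the condition fails, the `\<dig>` now expands to nothing and the `scan++` after the block silently swallows the digit. That is a deliberate behaviour change (a group index that is out of range, or a group that did not take part in the match, produces no output and no diagnostic), and it deserves a comment at the new `if` and a mention in the documentation alongside the ChangeLog entry.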

This fix is not yet checked in (and I'm not sure this will be the final fix), 
so let's keep an eye on the upstream changelog:
http://cvs.savannah.gnu.org/viewvc/gawk-stable/ChangeLog?root=gawk&view=log

Hopefully this bug will be fixed upstream and a new release will be
packaged for karmic (the gawk package was never updated for jaunty).

-- 
gawk crashes when given too big regex group index
https://bugs.launchpad.net/bugs/364505
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
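The two checks the suggested patch performs before copying a `\<dig>` backreference, as an added example that is not gawk's code and is not part of this bug report: a small gensub-style replacement expander built on POSIX <regex.h> rather than gawk's own Regexp type and SUBPATSTART/NUMSUBPATS macros. The function and macro names (expand_replacement, append, MAX_GROUPS) and the sample input in main() are this example's own. It checks that the digit is below the number of groups the compiled pattern reports, and then that the group actually participated in the match (POSIX reports a non-participating group with rm_so == -1), which is the same pair of conditions the ChangeLog entry describes.

```c
#include <regex.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_GROUPS 10   /* \0 .. \9: gensub takes a single digit after the backslash */

/* Append len bytes of src to out at offset *o, refusing to overflow outlen
 * (one byte is kept for the terminating NUL). Returns 0 on success. */
static int append(char *out, size_t outlen, size_t *o, const char *src, size_t len)
{
    if (*o + len >= outlen)
        return -1;
    memcpy(out + *o, src, len);
    *o += len;
    return 0;
}

/* Expand repl for the first match of pattern (an ERE) in text, writing only
 * the expanded replacement into out. "&" and "\0" stand for the whole match,
 * "\1".."\9" for capture groups, "\q" for any other q is a literal q.
 * Returns 1 on match, 0 on no match, -1 on a regex or buffer error.
 * A \<dig> that is out of range, or names a group that did not take part in
 * the match, expands to nothing instead of reading a garbage offset. */
int expand_replacement(const char *pattern, const char *repl,
                       const char *text, char *out, size_t outlen)
{
    regex_t re;
    regmatch_t m[MAX_GROUPS];
    size_t ngroups, o = 0;
    const char *scan;
    int rc = 1;

    if (outlen == 0 || regcomp(&re, pattern, REG_EXTENDED) != 0)
        return -1;
    ngroups = re.re_nsub + 1;          /* groups 1..re_nsub plus the whole match at 0 */
    if (ngroups > MAX_GROUPS)
        ngroups = MAX_GROUPS;
    if (regexec(&re, text, ngroups, m, 0) != 0) {
        regfree(&re);
        return 0;
    }
    for (scan = repl; *scan != '\0' && rc == 1; scan++) {
        int dig = -1;                  /* -1: no group requested, copy a literal */
        if (*scan == '&') {
            dig = 0;
        } else if (*scan == '\\' && scan[1] != '\0') {
            scan++;
            if (*scan >= '0' && *scan <= '9')
                dig = *scan - '0';
            /* otherwise \q for any q --> q, handled as a literal below */
        }
        if (dig < 0) {
            rc = append(out, outlen, &o, scan, 1) == 0 ? 1 : -1;
            continue;
        }
        /* The hardened check: bounds first, then participation. */
        if ((size_t)dig < ngroups && m[dig].rm_so != -1) {
            size_t len = (size_t)(m[dig].rm_eo - m[dig].rm_so);
            rc = append(out, outlen, &o, text + m[dig].rm_so, len) == 0 ? 1 : -1;
        }
        /* out-of-range or non-participating group: expands to nothing */
    }
    out[o] = '\0';
    regfree(&re);
    return rc;
}

int main(void)
{
    /* Constructed input: \2 names an optional group that did not match,
     * \3 and \9 name groups the pattern does not have at all. */
    char buf[64];
    int rc = expand_replacement("(a)(b)?c", "[\\1|\\2|\\3|\\9]", "xacy", buf, sizeof buf);
    printf("rc=%d expansion=%s\n", rc, buf);
    return rc == 1 ? 0 : 1;
}
```

The order of the two tests matters: the bounds check must come first, because m[dig] is only defined for dig below the nmatch value handed to regexec, exactly as SUBPATSTART is only meaningful below NUMSUBPATS.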