From nobody Fri Nov 11 18:37:07 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4N86r43fTlz4dbm8; Fri, 11 Nov 2022 18:37:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4N86r41H2Mz3x3q; Fri, 11 Nov 2022 18:37:08 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1668191828; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=YAQjzRHbC2rKCbmXNVxEhQ9lTaNxVBxiKVMaEkguoF4=; b=Lk8Ow2MNUYyZE0PAdlpapvicWi8Bg6Zb0TimMqx+qEYo3UUNQz2Rnu3X0jz+m3B4DVHGlY pdOi5X3ll16ivV6hFlgPeZIg3ME2p/K+mxgKqx3LjOw/kLaa8v7RUoqTv/9RyEhUsVCx7b uQ2hQeDLMOnUWcg7E7SWopag2AFTvKpZl7cYRJnV3ARVxRP3JuxhHK4rmGkwqOZJS6U9lV zg5OsbkeVHWTZfGY0ZWzQX4/rK14n0eGFDtKaYz2H+I92tolDEUFqB/AFq5Er5PrczX86G vODRN0p35FWndRW9zTFRRnQeENwe/o3y2Drem7oRvvtgeE03QOFwUb+G1bIZTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1668191828; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=YAQjzRHbC2rKCbmXNVxEhQ9lTaNxVBxiKVMaEkguoF4=; b=BUqhsYBC+sL+TDlcWNk37KpDWcfd5W5ayCOUlzIYx8XWgd9bsBKqnibnJakk/b9HMWdyHs f1ttlxuZ82ETv2QZYy/CVieZ5p/4QOSgN2ZhW6vz/CT0gm7O6AVZdAI+Co81+JwnKOby9m NI3igKeZoTGyLoftMzo28wSOfpriK7dzI6sQN/VGhvxNYQ10lxmXHj2TP/LNC2t0hFFPF7 LxaMcoJmm5fx6BirD8WEIDx8epKc6rzTdbPDgar1WRJnAhLN+DSnzqpaOTPUCqdfw6nLy9 62UbhLQnHhQT3ilN1yzwRP5Is+iCGyJ+LPpEIKhGgp0eQenEpT/+TVmQnlywRw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1668191828; a=rsa-sha256; cv=none; b=RnJ7fVTm4VaRQinDoNqes2lTJ0/i7TZW8HnjH71vAPTduDzCE+0w1AMrLFtZ9Dxtn2Fq+2 n/mnSA9g+FAmrjTOzl7TkHQ30d5HpecduG20oVk3mTjWNTPXB7l+3f0C9XX0JCdxmktb5L qtBmpDuT1VHz+yq/SBvbjJo0kcg3Eiyc9EiMb8iPEfwDZpdYpUb87u7ORkVH4gpioBT01K Qigp/PCarbNKP0r+c0GEa7h1LdM/jpW6iTondJGpmvwXDUwnXqx2N+lv5ihO98PmwDK9eH jY5DSGIjCXAXMTcXKcJu6yTbZPQgkd2TyPvrYMqhqj2UfISJHUPRX3Mco6oezg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4N86r40Ny0zt9Q; Fri, 11 Nov 2022 18:37:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2ABIb7PE004526; Fri, 11 Nov 2022 18:37:07 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2ABIb7Kv004525; Fri, 11 Nov 2022 18:37:07 GMT (envelope-from git) Date: Fri, 11 Nov 2022 18:37:07 GMT Message-Id: <202211111837.2ABIb7Kv004525@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: John Baldwin Subject: git: 593cb2e370e4 - stable/13 - rs: Fix some pointer arith UB. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 593cb2e370e4d59064ea02854a45a0b3e8a5bb9c Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=593cb2e370e4d59064ea02854a45a0b3e8a5bb9c commit 593cb2e370e4d59064ea02854a45a0b3e8a5bb9c Author: John Baldwin AuthorDate: 2022-10-05 23:48:05 +0000 Commit: John Baldwin CommitDate: 2022-11-11 18:18:54 +0000 rs: Fix some pointer arith UB. If the next column was blank, then the length of the following entry was computed as the end of the following entry minus a global variable "blank" which is not in the same string or allocation. Instead, save the start value of 'p' explicitly instead of abusing '*ep'. Possibly we should just increment p before saving it in sp in the 'blank' case, but at worst that would just mean maxlen might be one char too large which should be harmless. Reviewed by: brooks Differential Revision: https://reviews.freebsd.org/D36832 (cherry picked from commit ba86cffb2840e12b5d72453d7c574850a76001d8) --- usr.bin/rs/rs.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/usr.bin/rs/rs.c b/usr.bin/rs/rs.c index 557c5b9f56c0..046bdc125f00 100644 --- a/usr.bin/rs/rs.c +++ b/usr.bin/rs/rs.c @@ -114,10 +114,11 @@ main(int argc, char *argv[]) static void getfile(void) { - char *p; + char *p, *sp; char *endp; char **ep; int c; + int len; int multisep = (flags & ONEISEPONLY ? 0 : 1); int nullpad = flags & NULLPAD; char **padto; @@ -159,11 +160,13 @@ getfile(void) *ep = blank; else /* store column entry */ *ep = p; + sp = p; while (p < endp && *p != isep) p++; /* find end of entry */ *p = '\0'; /* mark end of entry */ - if (maxlen < p - *ep) /* update maxlen */ - maxlen = p - *ep; + len = p - sp; + if (maxlen < len) /* update maxlen */ + maxlen = len; INCR(ep); /* prepare for next entry */ } irows++; /* update row count */