From owner-freebsd-bugs@freebsd.org Thu Dec 1 04:27:40 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 214973] bmake segfault on parenthesized variables.
Date: Thu, 01 Dec 2016 04:27:40 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214973

            Bug ID: 214973
           Summary: bmake segfault on parenthesized variables.
           Product: Base System
           Version: 11.0-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: ori@eigenstate.org

Created attachment 177565
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=177565&action=edit
Fixes segfault in bmake. Possibly sketchy.

Turns out that I can trivially segfault make with this input:

    (FOO)=val

This happens because in /usr/src/contrib/bmake/parse.c:1862 or so, we
start off with:

    for (depth = 0, cp = line + 1; depth > 0 || *cp != '='; cp++) {

which skips over the opening '(', meaning that when we see the closing
')', the depth becomes negative, and we never break out of the loop,
eventually reading outside of mapped memory.

Starting off with 'cp = line', as in the attached patch, seems to work,
although I'm a bit suspicious about it breaking some subtle case when
parsing variables. Still, I tested by:

    cd /usr/src/usr.bin/bmake; make; make install
    cd /usr/src/lib/libc; make clean; make

Seems to work. 'make world' is running now.

-- 
You are receiving this mail because:
You are the assignee for the bug.
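A bounded version of the "skip to the operator" scan discussed in the report, added here as an illustration; it is neither bmake's parse.c nor the attached patch, and the function name find_assign_op is made up for the example. It starts at the first character of the name, as the patch does, ignores any '=' nested inside (...) or {...}, and additionally stops at the terminating NUL and refuses to let depth go negative, so unbalanced input ends the scan with an error instead of a read past the buffer.

```c
/* Added example, not bmake code: a bounded model of the scan that finds
 * the '=' ending a variable name on a Makefile assignment line. */
#include <stdio.h>

/* Return the offset of the '=' that ends the variable name, or -1 when the
 * line holds no '=' outside nested (...) / {...} (e.g. a truncated line). */
int find_assign_op(const char *line)
{
    int depth = 0;
    size_t i;

    /* Skip leading blanks before the name, as the real parser does. */
    for (i = 0; line[i] == ' ' || line[i] == '\t'; i++)
        ;

    /* Scan from the first name character; the '(' is counted, not skipped.
     * The NUL check is the bound the quoted loop lacks. */
    for (; line[i] != '\0'; i++) {
        char c = line[i];
        if (c == '(' || c == '{') {
            depth++;
        } else if (c == ')' || c == '}') {
            if (depth > 0)          /* a stray ')' must not drive depth < 0 */
                depth--;
        } else if (c == '=' && depth == 0) {
            return (int)i;          /* operator found outside any nesting */
        }
    }
    return -1;                      /* ran out of line: caller rejects it */
}

int main(void)
{
    /* Constructed sample lines, including the report's trigger input. */
    const char *samples[] = {
        "(FOO)=val", "FOO=bar", "${FOO:S/a=b/c/}=val", "(FOO", "  X=1"
    };
    size_t n;
    for (n = 0; n < sizeof samples / sizeof samples[0]; n++)
        printf("%-22s -> %d\n", samples[n], find_assign_op(samples[n]));
    return 0;
}
```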