Date: Wed, 6 Oct 2004 10:30:28 GMT
From: Giorgos Keramidas <keramida@freebsd.org>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/72370: awk in -current dumps core
Message-ID: <200410061030.i96AUSTe035875@freefall.freebsd.org>
The following reply was made to PR bin/72370; it has been noted by GNATS. From: Giorgos Keramidas <keramida@freebsd.org> To: Joseph Koshy <jkoshy@freebsd.org> Cc: "David O'Brien" <obrien@freebsd.org>, bug-followup@freebsd.org Subject: Re: bin/72370: awk in -current dumps core Date: Wed, 6 Oct 2004 13:22:26 +0300 On 2004-10-06 06:06, Giorgos Keramidas <keramida@freebsd.org> wrote: > What you see below: > > $ echo | /4/usr/bin/awk '{ x = 2147483647; print $x }' > > *blank line* > > $ echo | /5/usr/bin/awk '{ x = 2147483648; print $x }' > > /5/usr/bin/awk: trying to access field -2147483648 > > input record number 1, file > > source line number 1 > > is a result of the fieldaddr() function in lib.c, which does: > > 378 Cell *fieldadr(int n) /* get nth field */ > 379 { > 380 if (n < 0) > 381 FATAL("trying to access field %d", n); > 382 if (n > nfields) /* fields after NF are empty */ > 383 growfldtab(n); /* but does not increase NF */ > 384 return(fldtab[n]); > 385 } > > so negative field numbers are warned about but field numbers greater than the > existing fields are silently converted to empty strings. The overflow shown above can be fixed with this minor patch: : Index: run.c : =================================================================== : RCS file: /home/ncvs/src/contrib/one-true-awk/run.c,v : retrieving revision 1.1.1.7 : diff -u -u -r1.1.1.7 run.c : --- run.c 8 Feb 2004 21:32:21 -0000 1.1.1.7 : +++ run.c 6 Oct 2004 10:18:17 -0000 : @@ -26,6 +26,7 @@ : #include <stdio.h> : #include <ctype.h> : #include <setjmp.h> : +#include <limits.h> : #include <math.h> : #include <string.h> : #include <stdlib.h> : 
@@ -705,12 +706,16 @@ : : Cell *indirect(Node **a, int n) /* $( a[0] ) */ : { : + Awkfloat val; : Cell *x; : int m; : char *s; : : x = execute(a[0]); : - m = (int) getfval(x); : + val = getfval(x); : + if ((Awkfloat)INT_MAX < val) : + FATAL("trying to access field %s", x->nval); : + m = (int) val; : if (m == 0 && !is_number(s = getsval(x))) /* suspicion! */ : FATAL("illegal field $(%s), name \"%s\"", s, x->nval); : /* BUG: can x->nval ever be null??? */ I'm still investigating if something can be done about the other places where nawk might start accessing field numbers way beyond the limits of INT_MAX. Its source is fairly complicated for my limited C knowledge though, so don't hold your breath. - Giorgos
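Review bot: In the indirect() hunk of run.c, the new test `(Awkfloat)INT_MAX < val` checks only the upper bound, so a value below INT_MIN, or a NaN (for which the comparison is false), still reaches `m = (int) val` unchecked. Adding a lower-bound test next to it would close that; `val < 0` would be enough, since fieldadr() already treats negative field numbers as fatal. The new FATAL also passes `x->nval` to %s, while the comment at the end of the same hunk asks whether x->nval can ever be null; printing the numeric value instead (for example val with %g) avoids that question and matches the field number fieldadr() reports.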
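The range problem discussed in this message, as an added example that is not part of the original e-mail or of one-true-awk: a conversion from awk's floating-point value to an int field index that rejects NaN, negative values and values past INT_MAX before the cast happens. `to_field_index`, `struct field_ref`, `quiet_nan` and the status names are hypothetical, and `Awkfloat` is assumed to be `double`.

```c
#include <limits.h>
#include <stdio.h>

typedef double Awkfloat;	/* assumption: awk's numeric type is double */

enum field_status { FIELD_OK, FIELD_NOT_A_NUMBER, FIELD_NEGATIVE, FIELD_TOO_LARGE };

struct field_ref {		/* hypothetical result type */
	enum field_status status;
	int index;		/* valid only when status == FIELD_OK */
};

/* Hypothetical helper: validate val before it is ever cast to int. */
struct field_ref to_field_index(Awkfloat val)
{
	struct field_ref r = { FIELD_OK, 0 };

	if (val != val)					/* NaN compares unequal to itself */
		r.status = FIELD_NOT_A_NUMBER;
	else if (val <= -1.0)				/* would truncate below 0; covers -inf */
		r.status = FIELD_NEGATIVE;
	else if (val >= (Awkfloat)INT_MAX + 1.0)	/* past INT_MAX; covers +inf */
		r.status = FIELD_TOO_LARGE;
	else
		r.index = (int)val;			/* in range, so the cast is well defined */
	return r;
}

static Awkfloat quiet_nan(void)
{
	volatile Awkfloat zero = 0.0;
	return zero / zero;
}

int main(void)
{
	static const char *names[] = { "ok", "not a number", "negative", "too large" };
	/* Constructed inputs; the first two are the field numbers from the report. */
	const Awkfloat samples[] = { 2147483647.0, 2147483648.0, -1.0, 3.9, quiet_nan() };
	size_t i;

	for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
		struct field_ref r = to_field_index(samples[i]);
		printf("%g -> %s", samples[i], names[r.status]);
		if (r.status == FIELD_OK)
			printf(" (field %d)", r.index);
		putchar('\n');
	}
	return 0;
}
```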