Date: Wed, 6 Oct 2004 10:30:28 GMT
Message-Id: <200410061030.i96AUSTe035875@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Giorgos Keramidas
Subject: Re: bin/72370: awk in -current dumps core

The following reply was made to PR bin/72370; it has been noted by GNATS.

From: Giorgos Keramidas
To: Joseph Koshy
Cc: "David O'Brien", bug-followup@freebsd.org
Subject: Re: bin/72370: awk in -current dumps core
Date: Wed, 6 Oct 2004 13:22:26 +0300

On 2004-10-06 06:06, Giorgos Keramidas wrote:
> What you see below:
>
> $ echo | /4/usr/bin/awk '{ x = 2147483647; print $x }'
>
> *blank line*
>
> $ echo | /5/usr/bin/awk '{ x = 2147483648; print $x }'
>
> /5/usr/bin/awk: trying to access field -2147483648
>
> input record number 1, file
>
> source line number 1
>
> is a result of the fieldadr() function in lib.c, which does:
>
> Cell *fieldadr(int n)	/* get nth field */
> {
> 	if (n < 0)
> 		FATAL("trying to access field %d", n);
> 	if (n > nfields)	/* fields after NF are empty */
> 		growfldtab(n);	/* but does not increase NF */
> 	return(fldtab[n]);
> }
>
> so negative field numbers are warned about but field numbers greater than the
> existing fields are silently converted to empty strings.

The overflow shown above can be fixed with this minor patch:

: Index: run.c : =================================================================== : RCS file: /home/ncvs/src/contrib/one-true-awk/run.c,v : retrieving revision 1.1.1.7 : diff -u -u -r1.1.1.7 run.c : --- run.c 8 Feb 2004 21:32:21 -0000 1.1.1.7 : +++ run.c 6 Oct 2004 10:18:17 -0000 : @@ -26,6 +26,7 @@ : #include : #include : #include : +#include : #include : #include : #include : 
@@ -705,12 +706,16 @@ : : Cell *indirect(Node **a, int n) /* $( a[0] ) */ : { : + Awkfloat val; : Cell *x; : int m; : char *s; : : x = execute(a[0]); : - m = (int) getfval(x); : + val = getfval(x); : + if ((Awkfloat)INT_MAX < val) : + FATAL("trying to access field %s", x->nval); : + m = (int) val; : if (m == 0 && !is_number(s = getsval(x))) /* suspicion! */ : FATAL("illegal field $(%s), name \"%s\"", s, x->nval); : /* BUG: can x->nval ever be null??? */

I'm still investigating if something can be done about the other places where nawk might start accessing field numbers way beyond the limits of INT_MAX. Its source is fairly complicated for my limited C knowledge though, so don't hold your breath.

- Giorgos
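
Review bot: The new range check in the second hunk (indirect() in run.c), `if ((Awkfloat)INT_MAX < val)`, guards only the upper bound, so a value below INT_MIN, or a NaN (for which the comparison is false), still reaches `m = (int) val;`, where converting an out-of-range floating-point value to int is undefined in C. Suggest rejecting everything the cast cannot represent before it runs, for example `if (!(val <= (Awkfloat)INT_MAX && val >= (Awkfloat)INT_MIN))`, which also catches NaN. The added FATAL also passes `x->nval` to `%s`, while the unchanged comment at the end of the hunk asks whether `x->nval` can be null, and the existing FATAL below labels that member as the name rather than the value; printing `val` itself would avoid the possible NULL and report the number that was rejected.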
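
The range check this thread is about, as an added example (not part of the original message and not nawk's code): a field number held as a double is validated on the floating-point side before it is narrowed to int. The names `checked_field_index`, `try_field` and the status codes are hypothetical, and the sample values other than the two from the thread are constructed.

```c
#include <limits.h>
#include <math.h>
#include <stdio.h>

/* Hypothetical status codes for this example; nawk itself calls FATAL(). */
enum field_status { FIELD_OK, FIELD_NOT_A_NUMBER, FIELD_NEGATIVE, FIELD_TOO_LARGE };

/*
 * Validate a field number held as a double before narrowing it to int.
 * Converting a double that is outside int's range is undefined behaviour,
 * so every test is made on the double and the cast comes last.
 */
enum field_status checked_field_index(double val, int *out)
{
	if (isnan(val))
		return FIELD_NOT_A_NUMBER;	/* NaN fails every ordered comparison */
	if (val >= (double)INT_MAX + 1.0)
		return FIELD_TOO_LARGE;		/* 2147483648 when int is 32 bits */
	if (val <= -1.0)
		return FIELD_NEGATIVE;		/* would truncate to -1 or below */
	*out = (int)val;			/* -1 < val < INT_MAX + 1: cast is defined */
	return FIELD_OK;
}

/* Convenience wrapper: the index on success, minus the status code on failure. */
int try_field(double val)
{
	int m = 0;
	enum field_status st = checked_field_index(val, &m);

	return st == FIELD_OK ? m : -(int)st;
}

int main(void)
{
	/* The two values from the thread, plus constructed edge cases. */
	const double samples[] = { 2147483647.0, 2147483648.0, -0.5, -3.0, NAN };
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%g -> %d\n", samples[i], try_field(samples[i]));
	return 0;
}
```

A value such as -0.5 is accepted because C truncates it toward zero, giving field 0.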