Date: Mon, 13 Feb 2012 10:24:23 +0000 (UTC) From: Tijl Coosemans <tijl@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r231577 - stable/8/usr.bin/hexdump Message-ID: <201202131024.q1DAONOr038119@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: tijl Date: Mon Feb 13 10:24:22 2012 New Revision: 231577 URL: http://svn.freebsd.org/changeset/base/231577 Log: MFC r228636: Correct a logic error in usr.bin/hexdump/conv.c, found by clang. Whenever the conv_c() function encounters an incomplete multibyte char, it peeks ahead. It also sets p to peekbuf, to indicate it is still processing the incomplete character. However, on the next retry, it compares buf against peekbuf, which always returns false, since both buf and peekbuf are local char arrays, whose addresses are never the same. Fix this by comparing against p instead, which was the intention. Also turn peekbuf into an array of u_char, to prevent conversion warnings. MFC r229794: - Fix how hexdump parses escape strings From the NetBSD bug: The way how hexdump(1) parses escape sequences has some bugs. It shows up when an escape sequence is used as the non-last character of a format string. MFC r230649: Fix decoding of escape sequences in format strings: - Zero-terminate the resulting string by letting the for-loop copy the terminating zero. - Exit the for-loop after handling a backslash at the end of the format string to fix a buffer overrun. - Remove some unnecessary comments and blank lines. PR: bin/144722 Modified: stable/8/usr.bin/hexdump/conv.c stable/8/usr.bin/hexdump/parse.c Directory Properties: stable/8/usr.bin/hexdump/ (props changed) Modified: stable/8/usr.bin/hexdump/conv.c ============================================================================== --- stable/8/usr.bin/hexdump/conv.c Mon Feb 13 07:47:36 2012 (r231576) +++ stable/8/usr.bin/hexdump/conv.c Mon Feb 13 10:24:22 2012 (r231577) @@ -57,7 +57,7 @@ conv_c(PR *pr, u_char *p, size_t bufsize wchar_t wc; size_t clen, oclen; int converr, pad, width; - char peekbuf[MB_LEN_MAX]; + u_char peekbuf[MB_LEN_MAX]; if (pr->mbleft > 0) { str = "**"; @@ -107,7 +107,7 @@ retry: if (clen == 0) clen = 1; else if (clen == (size_t)-1 || (clen == (size_t)-2 && - buf == peekbuf)) { + p == peekbuf)) { memset(&pr->mbstate, 0, sizeof(pr->mbstate)); wc = *p; clen = 1; Modified: stable/8/usr.bin/hexdump/parse.c ============================================================================== --- stable/8/usr.bin/hexdump/parse.c Mon Feb 13 07:47:36 2012 (r231576) +++ stable/8/usr.bin/hexdump/parse.c Mon Feb 13 10:24:22 2012 (r231577) @@ -259,7 +259,9 @@ rewrite(FS *fs) sokay = NOTOKAY; } - p2 = p1 + 1; /* Set end pointer. */ + p2 = *p1 ? p1 + 1 : p1; /* Set end pointer -- make sure + * that it's non-NUL/-NULL first + * though. */ cs[0] = *p1; /* Set conversion string. */ cs[1] = '\0'; @@ -453,13 +455,14 @@ escape(char *p1) char *p2; /* alphabetic escape sequences have to be done in place */ - for (p2 = p1;; ++p1, ++p2) { - if (!*p1) { - *p2 = *p1; - break; - } - if (*p1 == '\\') - switch(*++p1) { + for (p2 = p1;; p1++, p2++) { + if (*p1 == '\\') { + p1++; + switch(*p1) { + case '\0': + *p2 = '\\'; + *++p2 = '\0'; + return; case 'a': /* *p2 = '\a'; */ *p2 = '\007'; @@ -486,6 +489,11 @@ escape(char *p1) *p2 = *p1; break; } + } else { + *p2 = *p1; + if (*p1 == '\0') + return; + } } }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201202131024.q1DAONOr038119>