Date: Wed, 2 Aug 2006 01:50:17 GMT From: Nate Eldredge <nge@cs.hmc.edu> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/99985: make(1) crashes with invalid continuation lines Message-ID: <200608020150.k721oHOw085503@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/99985; it has been noted by GNATS.
From: Nate Eldredge <nge@cs.hmc.edu>
To: bug-followup@FreeBSD.org, ltsampros@upnet.gr
Cc:
Subject: Re: bin/99985: make(1) crashes with invalid continuation lines
Date: Tue, 1 Aug 2006 18:49:49 -0700 (PDT)
Well, here is a patch which fixes this bug. Though I'm a little confused
as to the behavior of the code anyway.
In brk_string in str.c, if expand == 0, a backslash causes itself and the
following character to be copied to the output, without processing. If
the following character is the terminating null, then it won't be noticed,
and we'll march happily beyond the end of the string (and maybe crash, or
maybe not). So this patch fixes that. However, the behavior seems odd in
general. For instance, as it stands the string "foo\ bar" is a single
argument, whereas "foo/ bar" is two args: {"foo/", "bar"}. I don't
understand what the correct semantics should be.
Note the bug has been present since revision 1.3, which apparently was
imported from NetBSD for FreeBSD 2.0.5, back in 1995. In May 2005 we
imported a version from DragonFlyBSD by Max Okumoto, who largely rewrote
the function, keeping the bug intact!
--- /usr/src/usr.bin/make/str.c Mon May 23 06:27:52 2005
+++ str.c Tue Aug 1 18:25:34 2006
@@ -260,8 +260,14 @@
}
} else {
*arg++ = str[0];
- ++str;
- *arg++ = str[0];
+ /*
+ * FIXME: Why does a backslash protect
+ * the next character even with expand=0 ?
+ */
+ if (str[1]) {
+ ++str;
+ *arg++ = str[0];
+ }
}
break;
default:
--
Nate Eldredge
nge@cs.hmc.edu
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200608020150.k721oHOw085503>