diff options
| author | Brian Foley <bpfoley@google.com> | 2019-09-05 11:53:21 +0300 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2019-10-21 17:54:40 +0300 |
| commit | 2f3352682e3e0f62aca80c12e64d4509e48df465 (patch) | |
| tree | 1574992fb1f7a7ee36d122d53d84ab6c8c1fe868 | |
| parent | 50ba92128b0a6472a3a85efaaa8ce3bfbda1bce5 (diff) | |
dc: Parse error & fix out of bounds read in xc_program_printString
function old new delta
xc_program_print 712 735 +23
Signed-off-by: Brian Foley <bpfoley@google.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | miscutils/bc.c | 6 | ||||
| -rwxr-xr-x | testsuite/dc.tests | 20 |
2 files changed, 24 insertions, 2 deletions
diff --git a/miscutils/bc.c b/miscutils/bc.c index 44c70cac3..e880293d9 100644 --- a/miscutils/bc.c +++ b/miscutils/bc.c @@ -5456,11 +5456,13 @@ static void xc_program_printString(const char *str) char *n; c = *str++; - n = strchr(esc, c); // note: c can be NUL - if (!n) { + n = strchr(esc, c); // note: if c is NUL, n = \0 at end of esc + if (!n || !c) { // Just print the backslash and following character bb_putchar('\\'); ++G.prog.nchars; + // But if we're at the end of the string, stop + if (!c) break; } else { if (n - esc == 0) // "\n" ? G.prog.nchars = SIZE_MAX; diff --git a/testsuite/dc.tests b/testsuite/dc.tests index 1fc13c201..361bc8459 100755 --- a/testsuite/dc.tests +++ b/testsuite/dc.tests @@ -59,6 +59,26 @@ testing "dc: x should work with strings created from a" \ "42\n" \ "" "" +testing "dc: p should print invalid escapes" \ + "dc -e '[\q] p'" \ + "\\q\n" \ + "" "" + +testing "dc: p should print trailing backslashes" \ + "dc -e '[q\] p'" \ + "q\\\\\n" \ + "" "" + +testing "dc: p should parse/print single backslashes" \ + "dc -e '[\] p'" \ + "\\\\\n" \ + "" "" + +testing "dc: p should print single backslash strings" \ + "dc -e '92 a p'" \ + "\\\\\n" \ + "" "" + testing "dc read" \ "dc -finput" \ "2\n9\n1\n" \ |