awk: fix read beyond end of buffer

Commit 7d06d6e18 (awk: fix printf %%) can cause awk printf to read
beyond the end of a strduped buffer:

  2349      while (*f && *f != '%')
  2350          f++;
  2351      c = *++f;

If the loop terminates because a NUL character is detected the
character after the NUL is read.  This can result in failures
depending on the value of that character.

function                                             old     new   delta
awk_printf                                           672     665      -7

Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Ron Yorston 2021-09-09 08:15:31 +01:00 committed by Denys Vlasenko
parent eb60777769
commit 305a30d80b

View File

@ -2348,17 +2348,19 @@ static char *awk_printf(node *n, size_t *len)
s = f; s = f;
while (*f && *f != '%') while (*f && *f != '%')
f++; f++;
c = *++f; if (*f) {
if (c == '%') { /* double % */ c = *++f;
slen = f - s; if (c == '%') { /* double % */
s = xstrndup(s, slen); slen = f - s;
f++; s = xstrndup(s, slen);
goto tail; f++;
} goto tail;
while (*f && !isalpha(*f)) { }
if (*f == '*') while (*f && !isalpha(*f)) {
syntax_error("%*x formats are not supported"); if (*f == '*')
f++; syntax_error("%*x formats are not supported");
f++;
}
} }
c = *f; c = *f;
if (!c) { if (!c) {