awk: fix use after free (CVE-2022-30065)
fixes https://bugs.busybox.net/show_bug.cgi?id=14781 function old new delta evaluate 3343 3357 +14 Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
parent
3ad3aa6441
commit
e63d7cdfda
@ -3128,6 +3128,9 @@ static var *evaluate(node *op, var *res)
|
||||
|
||||
case XC( OC_MOVE ):
|
||||
debug_printf_eval("MOVE\n");
|
||||
/* make sure that we never return a temp var */
|
||||
if (L.v == TMPVAR0)
|
||||
L.v = res;
|
||||
/* if source is a temporary string, jusk relink it to dest */
|
||||
if (R.v == TMPVAR1
|
||||
&& !(R.v->type & VF_NUMBER)
|
||||
|
@ -479,4 +479,10 @@ testing 'awk backslash+newline eaten with no trace' \
|
||||
"Hello world\n" \
|
||||
'' ''
|
||||
|
||||
testing 'awk assign while test' \
|
||||
"awk '\$1==\$1=\"foo\" {print \$1}'" \
|
||||
"foo\n" \
|
||||
"" \
|
||||
"foo"
|
||||
|
||||
exit $FAILCOUNT
|
||||
|
Loading…
Reference in New Issue
Block a user