Hello, I've attached to this email a patch that fixes a segfault from ‘expand_user_macro’ so that integer overflows don't bypass the bounds check. It applies to ‘branch-1.4’.
Byron
From 1807c3bfca8ecb761f46be149dc3cb1ea2b041d2 Mon Sep 17 00:00:00 2001 From: Byron Johnson <[email protected]> Date: Fri, 24 Jun 2022 21:59:35 -0600 Subject: [PATCH] Fix a macro expansion segfault from unchecked overflow. This example reproduces the bug on 1.4 m4's before this fix: % ~/local/m4/1.4/bin/m4 <<< 'define(`mac'\'', $2028558489387014291456) mac' /home/bairyn/local/m4/1.4/bin/m4: internal error detected; please report this bug to <[email protected]>: Segmentation fault --- src/builtin.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/builtin.c b/src/builtin.c index 0715a332..16c8c868 100644 --- a/src/builtin.c +++ b/src/builtin.c @@ -2226,7 +2226,7 @@ expand_user_macro (struct obstack *obs, symbol *sym, int argc, token_data **argv) { const char *text = SYMBOL_TEXT (sym); - int i; + unsigned int i; while (1) { const char *dollar = strchr (text, '$'); -- 2.36.1
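Review bot: Changing the declaration to `unsigned int i;` at the top of `expand_user_macro` makes the overflow well defined but does not prevent it. An index as long as the `$2028558489387014291456` in the commit message still exceeds the range of `unsigned int`, so the accumulated value wraps, and a wrapped value that happens to fall below `argc` could pass the bounds check and select a real argument instead of expanding to nothing. The digit accumulation and the comparison against `argc` are outside this hunk, so please confirm how they behave. If the wrap is reachable, stop accumulating (or saturate) as soon as `i` reaches `argc`. Because `argc` is declared `int` in the signature shown here, the comparison also becomes mixed signed/unsigned, which deserves an explicit cast or a short comment on the declaration saying why `i` is unsigned. A regression test built from the reproducer in the commit message would keep the crash from returning.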
_______________________________________________ M4-patches mailing list [email protected] https://lists.gnu.org/mailman/listinfo/m4-patches
