On Tue, 02 Mar 2021 12:40:37 -0700, "Todd C. Miller" wrote:

> The following appears to fix it.  Basically the NUL terminator was
> being written to the end of the allocation but if we didn't fill
> the entire thing then malloc junk bytes could be processed.

Here's a more complete fix that corrects the amount of space
allocated.  This is https://github.com/onetrueawk/awk/pull/112

 - todd

Index: usr.bin/awk/b.c
===================================================================
RCS file: /cvs/src/usr.bin/awk/b.c,v
retrieving revision 1.35
diff -u -p -u -r1.35 b.c
--- usr.bin/awk/b.c     9 Dec 2020 20:00:11 -0000       1.35
+++ usr.bin/awk/b.c     2 Mar 2021 20:07:26 -0000
@@ -942,7 +942,7 @@ replace_repeat(const uschar *reptok, int
        if (special_case == REPEAT_PLUS_APPENDED) {
                size++;         /* for the final + */
        } else if (special_case == REPEAT_WITH_Q) {
-               size += init_q + (atomlen+1)* n_q_reps;
+               size += init_q + (atomlen+1)* (n_q_reps-init_q);
        } else if (special_case == REPEAT_ZERO) {
                size += 2;      /* just a null ERE: () */
        }
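Review bot: the corrected multiplier `(n_q_reps-init_q)` deserves a one-line comment in the hunk, since the separate `init_q` addend evidently already covers the first `init_q` repetitions and the old form double-counted them, over-allocating relative to what the copy loop later writes; a comment such as `/* init_q reps already counted above */` would keep a future reader from "simplifying" it back. If the caller does not guarantee `n_q_reps >= init_q`, a check before this line would also avoid a negative product being added to `size`.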
@@ -971,11 +971,8 @@ replace_repeat(const uschar *reptok, int
                }
        }
        memcpy(&buf[j], reptok+reptoklen, suffix_length);
-       if (special_case == REPEAT_ZERO) {
-               buf[j+suffix_length] = '\0';
-       } else {
-               buf[size] = '\0';
-       }
+       j += suffix_length;
+       buf[j] = '\0';
        /* free old basestr */
        if (firstbasestr != basestr) {
                if (basestr)
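Review bot: placing the terminator at `buf[j]` immediately after the suffix copy removes the gap of unwritten bytes that the old `buf[size] = '\0'` branch left between the copied data and the NUL, but it also makes correctness depend on the size computed in the first hunk matching the bytes actually written. Consider adding `assert(j < size);` (or an equivalent runtime check) before `buf[j] = '\0';` so that any future drift between the size calculation and the copy loop fails loudly instead of silently writing past the allocation.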
