Module Name: src
Committed By: rillig
Date: Thu Nov 18 23:26:58 UTC 2021
Modified Files:
src/usr.bin/indent: lexi.c
Log Message:
indent: prevent use-after-free bug
Triggered by the following artificial program:
---- snip ----
int *
f
( void)
{
}
---- snap ----
To generate a diff of this commit:
cvs rdiff -u -r1.138 -r1.139 src/usr.bin/indent/lexi.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.bin/indent/lexi.c
diff -u src/usr.bin/indent/lexi.c:1.138 src/usr.bin/indent/lexi.c:1.139
--- src/usr.bin/indent/lexi.c:1.138 Sun Nov 7 18:26:17 2021
+++ src/usr.bin/indent/lexi.c Thu Nov 18 23:26:58 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: lexi.c,v 1.138 2021/11/07 18:26:17 rillig Exp $ */
+/* $NetBSD: lexi.c,v 1.139 2021/11/18 23:26:58 rillig Exp $ */
/*-
* SPDX-License-Identifier: BSD-4-Clause
@@ -43,7 +43,7 @@ static char sccsid[] = "@(#)lexi.c 8.1 (
#include <sys/cdefs.h>
#if defined(__NetBSD__)
-__RCSID("$NetBSD: lexi.c,v 1.138 2021/11/07 18:26:17 rillig Exp $");
+__RCSID("$NetBSD: lexi.c,v 1.139 2021/11/18 23:26:58 rillig Exp $");
#elif defined(__FreeBSD__)
__FBSDID("$FreeBSD: head/usr.bin/indent/lexi.c 337862 2018-08-15 18:19:45Z pstef $");
#endif
@@ -708,8 +708,12 @@ lexi(void)
while (isalpha((unsigned char)*tp) ||
isspace((unsigned char)*tp)) {
- if (++tp >= inp.e)
+ if (++tp >= inp.e) {
+ const char *s_before = inp.s;
inp_read_line();
+ if (inp.s != s_before)
+ abort();
+ }
}
if (*tp == '(')
ps.procname[0] = ' ';
