CVS commit: src/usr.bin/make

Mon, 20 Jul 2020 08:16:01 -0700 

Module Name:    src
Committed By:   rillig
Date:           Mon Jul 20 15:15:32 UTC 2020

Modified Files:
        src/usr.bin/make: var.c

Log Message:
make(1): fix undefined behavior in :S modifier

The expression word + wordLen - leftLen had resulted in an out-of-bounds
pointer before.  Luckily the heap addresses were high enough in typical
applications to prevent a wrap-around.


To generate a diff of this commit:
cvs rdiff -u -r1.279 -r1.280 src/usr.bin/make/var.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/usr.bin/make/var.c
diff -u src/usr.bin/make/var.c:1.279 src/usr.bin/make/var.c:1.280
--- src/usr.bin/make/var.c:1.279	Mon Jul 20 15:10:35 2020
+++ src/usr.bin/make/var.c	Mon Jul 20 15:15:32 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: var.c,v 1.279 2020/07/20 15:10:35 rillig Exp $	*/
+/*	$NetBSD: var.c,v 1.280 2020/07/20 15:15:32 rillig Exp $	*/
 
 /*
  * Copyright (c) 1988, 1989, 1990, 1993
@@ -69,14 +69,14 @@
  */
 
 #ifndef MAKE_NATIVE
-static char rcsid[] = "$NetBSD: var.c,v 1.279 2020/07/20 15:10:35 rillig Exp $";
+static char rcsid[] = "$NetBSD: var.c,v 1.280 2020/07/20 15:15:32 rillig Exp $";
 #else
 #include <sys/cdefs.h>
 #ifndef lint
 #if 0
 static char sccsid[] = "@(#)var.c	8.3 (Berkeley) 3/19/94";
 #else
-__RCSID("$NetBSD: var.c,v 1.279 2020/07/20 15:10:35 rillig Exp $");
+__RCSID("$NetBSD: var.c,v 1.280 2020/07/20 15:15:32 rillig Exp $");
 #endif
 #endif /* not lint */
 #endif
@@ -1379,11 +1379,13 @@ VarSubstitute(GNode *ctx MAKE_ATTR_UNUSE
     }
 
     if (pattern->pflags & VARP_MATCH_END) {
-	const char *cp = word + (wordLen - pattern->leftLen);
-	if (cp < word || strncmp(cp, pattern->lhs, pattern->leftLen) != 0)
+	if (wordLen < (size_t)pattern->leftLen)
+	    goto nosub;
+	const char *start = word + (wordLen - pattern->leftLen);
+	if (memcmp(start, pattern->lhs, pattern->leftLen) != 0)
 	    goto nosub;
 
-	SepBuf_AddBytes(buf, word, cp - word);
+	SepBuf_AddBytes(buf, word, start - word);
 	SepBuf_AddBytes(buf, pattern->rhs, pattern->rightLen);
 	pattern->pflags |= VARP_SUB_MATCHED;
 	return;

Reply via email to