NetBSD-Bugs archive


bin/52638: m4 dumps core in ifelse()

>Number:         52638
>Category:       bin
>Synopsis:       m4 dumps core in ifelse()
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Oct 22 19:50:00 +0000 2017
>Originator:     matthew green
>Release:        NetBSD 6, 7, 8, -current
people's front against (bozotic) www (softwar foundation)
Architecture: x86
Machine: x86

	given a potentially illegal ifelse() sequence m4 dumps core.


	i reduced the case to this:

		ifelse(A, "s", define(X, `Y'), define(X, `Z'),)

	just passing this file to m4 triggers the bug.  the problem is related
	to the quoting as this version does not core dump:

		ifelse(A, "s", `define(X, Y)', `define(X, Z)',)

	on my netbsd-8 system gdb on the m4.core shows:

	Program terminated with signal SIGSEGV, Segmentation fault.
	#0  0x000072c07aef0da1 in strlen () from /usr/lib/
	(gdb) bt
	#0  0x000072c07aef0da1 in strlen () from /usr/lib/
	#1  0x000000011ec076ca in pbstr (s=0x402 <error: Cannot access memory at address 0x402>) at /usr/8/src/usr.bin/m4/misc.c:105
	#2  0x000000011ec04d93 in expand_builtin (td=<optimized out>, argc=4, argv=0x72c07ad08038) at /usr/8/src/usr.bin/m4/eval.c:219
	#3  eval (argv=<optimized out>, argc=<optimized out>, td=<optimized out>, is_traced=<optimized out>) at /usr/8/src/usr.bin/m4/eval.c:118
	#4  0x000000011ec06c53 in macro () at /usr/8/src/usr.bin/m4/main.c:594
	#5  0x000000011ec099cc in main (argc=0, argv=0x7f7fff7b8548) at /usr/8/src/usr.bin/m4/main.c:368

