[src/trunk]: src/usr.bin/make make(1): fix undefined behavior in :S modifier

[rillig <rillig%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/c10a9a914869
branches:  trunk
changeset: 936171:c10a9a914869
user:      rillig <rillig%NetBSD.org@localhost>
date:      Mon Jul 20 15:15:32 2020 +0000

description:
make(1): fix undefined behavior in :S modifier

The expression word + wordLen - leftLen had resulted in an out-of-bounds
pointer before.  Luckily the heap addresses were high enough in typical
applications to prevent a wrap-around.

diffstat:

 usr.bin/make/var.c |  16 +++++++++-------
 1 files changed, 9 insertions(+), 7 deletions(-)

diffs (44 lines):

diff -r 4b0dcc1a6ef5 -r c10a9a914869 usr.bin/make/var.c
--- a/usr.bin/make/var.c        Mon Jul 20 15:11:29 2020 +0000
+++ b/usr.bin/make/var.c        Mon Jul 20 15:15:32 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: var.c,v 1.279 2020/07/20 15:10:35 rillig Exp $ */
+/*     $NetBSD: var.c,v 1.280 2020/07/20 15:15:32 rillig Exp $ */
 
 /*
  * Copyright (c) 1988, 1989, 1990, 1993
@@ -69,14 +69,14 @@
  */
 
 #ifndef MAKE_NATIVE
-static char rcsid[] = "$NetBSD: var.c,v 1.279 2020/07/20 15:10:35 rillig Exp $";
+static char rcsid[] = "$NetBSD: var.c,v 1.280 2020/07/20 15:15:32 rillig Exp $";
 #else
 #include <sys/cdefs.h>
 #ifndef lint
 #if 0
 static char sccsid[] = "@(#)var.c      8.3 (Berkeley) 3/19/94";
 #else
-__RCSID("$NetBSD: var.c,v 1.279 2020/07/20 15:10:35 rillig Exp $");
+__RCSID("$NetBSD: var.c,v 1.280 2020/07/20 15:15:32 rillig Exp $");
 #endif
 #endif /* not lint */
 #endif
@@ -1379,11 +1379,13 @@
     }
 
     if (pattern->pflags & VARP_MATCH_END) {
-       const char *cp = word + (wordLen - pattern->leftLen);
-       if (cp < word || strncmp(cp, pattern->lhs, pattern->leftLen) != 0)
+       if (wordLen < (size_t)pattern->leftLen)
            goto nosub;
-
-       SepBuf_AddBytes(buf, word, cp - word);
+       const char *start = word + (wordLen - pattern->leftLen);
+       if (memcmp(start, pattern->lhs, pattern->leftLen) != 0)
+           goto nosub;
+
+       SepBuf_AddBytes(buf, word, start - word);
        SepBuf_AddBytes(buf, pattern->rhs, pattern->rightLen);
        pattern->pflags |= VARP_SUB_MATCHED;
        return;