Source-Changes-HG archive


[src/trunk]: src/usr.bin/make make(1): fix out-of-bounds memory access in Par...



details:   https://anonhg.NetBSD.org/src/rev/8b9406b6fc04
branches:  trunk
changeset: 940132:8b9406b6fc04
user:      rillig <rillig%NetBSD.org@localhost>
date:      Sun Oct 04 11:58:57 2020 +0000

description:
make(1): fix out-of-bounds memory access in Parse_DoVar

When a line starts with "=value", this is interpreted as a variable
assignment, with an empty variable name.  In that case, there is no
"previous character" from the '='.  Accessing that character therefore
was an out-of-bounds read access.

If a whole file starts with "=value", instead of just a single line,
this out-of-bounds access can actually lead to a segmentation fault.
This depends on the memory allocator though.
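
The bug described above is an unguarded `cp - 1` taken when `cp` already points at the first byte of the line, so the "previous character" lies before the buffer. The following self-contained C function is an added illustration, not code from NetBSD make or from this commit: it classifies constructed Makefile-style assignment lines using the same `eq > line ? eq - 1 : eq` style of guard that the fix introduces, and treats the empty-name case (`=value`) as a plain assignment rather than reading one byte before the line. All function and enum names here are assumptions made up for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Kinds of assignment recognized by this toy classifier (assumed names). */
enum assign_op { OP_NONE, OP_PLAIN, OP_APPEND, OP_EXPAND, OP_COND, OP_SHELL };

/*
 * Classify a Makefile-style assignment line ("VAR=value", "VAR+=value",
 * "VAR ?= value", "=value", ...).  Stores the length of the variable name
 * in *name_len and returns the operator kind, or OP_NONE when the line
 * contains no '='.
 *
 * The operator character sits immediately before the '='.  It is read only
 * when that position is inside the buffer: for a line that begins with '='
 * there is no previous character, and reading line[-1] would be exactly the
 * out-of-bounds access the commit fixes.
 */
enum assign_op classify_assignment(const char *line, size_t *name_len)
{
    const char *eq = strchr(line, '=');
    if (eq == NULL) {
        *name_len = 0;
        return OP_NONE;
    }

    /* Same guard as the fix: only step back when '=' is not the first byte. */
    const char *opc = eq > line ? eq - 1 : eq;
    size_t len = (size_t)(eq - line);
    enum assign_op op = OP_PLAIN;

    if (opc != eq) {
        switch (*opc) {
        case '+': op = OP_APPEND; len--; break;
        case ':': op = OP_EXPAND; len--; break;
        case '?': op = OP_COND;   len--; break;
        case '!': op = OP_SHELL;  len--; break;
        default:  break;  /* plain '=': the previous char belongs to the name */
        }
    }

    /* Drop whitespace between the name and the operator. */
    while (len > 0 && (line[len - 1] == ' ' || line[len - 1] == '\t'))
        len--;

    *name_len = len;
    return op;
}

/* Convenience wrapper returning only the name length. */
size_t assignment_name_length(const char *line)
{
    size_t len;
    (void)classify_assignment(line, &len);
    return len;
}

/* Convenience wrapper returning only the operator kind. */
enum assign_op assignment_op(const char *line)
{
    size_t len;
    return classify_assignment(line, &len);
}

int main(void)
{
    /* Constructed sample lines, including the empty-name case from the commit. */
    const char *samples[] = {
        "=value", "VAR=value", "VAR+=more", "VAR ?= dflt", "VAR:=now",
        "no assignment here"
    };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t len;
        enum assign_op op = classify_assignment(samples[i], &len);
        printf("%-20s op=%d name=\"%.*s\"\n",
               samples[i], (int)op, (int)len, samples[i]);
    }
    return 0;
}
```

The guard costs one pointer comparison and keeps every read inside `line`; the empty-name line is still reported as an assignment, which matches the behaviour the description gives for `=value`.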

diffstat:

 usr.bin/make/parse.c |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diffs (27 lines):

diff -r f276ce9cc29e -r 8b9406b6fc04 usr.bin/make/parse.c
--- a/usr.bin/make/parse.c      Sun Oct 04 10:35:25 2020 +0000
+++ b/usr.bin/make/parse.c      Sun Oct 04 11:58:57 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: parse.c,v 1.350 2020/10/04 10:35:25 rillig Exp $       */
+/*     $NetBSD: parse.c,v 1.351 2020/10/04 11:58:57 rillig Exp $       */
 
 /*
  * Copyright (c) 1988, 1989, 1990, 1993
@@ -131,7 +131,7 @@
 #include "pathnames.h"
 
 /*     "@(#)parse.c    8.3 (Berkeley) 3/19/94" */
-MAKE_RCSID("$NetBSD: parse.c,v 1.350 2020/10/04 10:35:25 rillig Exp $");
+MAKE_RCSID("$NetBSD: parse.c,v 1.351 2020/10/04 11:58:57 rillig Exp $");
 
 /* types and constants */
 
@@ -1790,7 +1790,7 @@
            *cp = '\0';
        }
     }
-    opc = cp-1;                /* operator is the previous character */
+    opc = cp > line ? cp - 1 : cp;     /* operator is the previous character */
     *cp++ = '\0';      /* nuke the = */
 
     /*
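Review bot: the trailing comment on the changed line, "operator is the previous character", no longer describes the case this hunk adds: when `cp == line` (a line that begins with `=`), `opc` now points at the `=` itself, and the very next statement `*cp++ = '\0';` overwrites that byte, so any later inspection of `*opc` sees `'\0'` rather than an operator character. That is harmless only as long as every consumer of `*opc` treats an unrecognized character as a plain assignment; the comment should say so, e.g. `/* operator is the previous character, or the '=' itself when the name is empty */`. The diffstat also shows only parse.c changing: a regression test containing a line, and a file, that starts with "=value" as the commit message describes would keep this read from coming back.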


