[src/trunk]: src/usr.bin/make make: fix out-of-bounds read when parsing an in...

[rillig <rillig%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/19892b71aa49
branches:  trunk
changeset: 368655:19892b71aa49
user:      rillig <rillig%NetBSD.org@localhost>
date:      Sun Jul 24 20:25:23 2022 +0000

description:
make: fix out-of-bounds read when parsing an invalid line

Reported by Robert Morris in https://bugs.freebsd.org/265119.

Since 2021-12-14.

diffstat:

 usr.bin/make/parse.c              |  18 +++++++++++++-----
 usr.bin/make/unit-tests/parse.exp |   1 +
 usr.bin/make/unit-tests/parse.mk  |  12 +++++++++++-
 3 files changed, 25 insertions(+), 6 deletions(-)

diffs (88 lines):

diff -r 6d29aa3fd7a1 -r 19892b71aa49 usr.bin/make/parse.c
--- a/usr.bin/make/parse.c      Sun Jul 24 20:05:08 2022 +0000
+++ b/usr.bin/make/parse.c      Sun Jul 24 20:25:23 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: parse.c,v 1.680 2022/06/12 13:37:32 rillig Exp $       */
+/*     $NetBSD: parse.c,v 1.681 2022/07/24 20:25:23 rillig Exp $       */
 
 /*
  * Copyright (c) 1988, 1989, 1990, 1993
@@ -105,7 +105,7 @@
 #include "pathnames.h"
 
 /*     "@(#)parse.c    8.3 (Berkeley) 3/19/94" */
-MAKE_RCSID("$NetBSD: parse.c,v 1.680 2022/06/12 13:37:32 rillig Exp $");
+MAKE_RCSID("$NetBSD: parse.c,v 1.681 2022/07/24 20:25:23 rillig Exp $");
 
 /*
  * A file being read.
@@ -1104,10 +1104,12 @@
 {
        if (**pp == '!')
                return (*pp)++, OP_FORCE;
-       if ((*pp)[1] == ':')
+       if (**pp == ':' && (*pp)[1] == ':')
                return *pp += 2, OP_DOUBLEDEP;
+       else if (**pp == ':')
+               return (*pp)++, OP_DEPENDS;
        else
-               return (*pp)++, OP_DEPENDS;
+               return OP_NONE;
 }
 
 static void
@@ -1562,6 +1564,7 @@
        ParseSpecial special;   /* in special targets, the children are
                                 * linked as children of the parent but not
                                 * vice versa */
+       GNodeType op;
 
        DEBUG1(PARSE, "ParseDependency(%s)\n", line);
        p = line;
@@ -1575,7 +1578,12 @@
        if (!Lst_IsEmpty(targets))
                CheckSpecialMundaneMixture(special);
 
-       ApplyDependencyOperator(ParseDependencyOp(&p));
+       op = ParseDependencyOp(&p);
+       if (op == OP_NONE) {
+               InvalidLineType(line);
+               goto out;
+       }
+       ApplyDependencyOperator(op);
 
        pp_skip_whitespace(&p);
 
diff -r 6d29aa3fd7a1 -r 19892b71aa49 usr.bin/make/unit-tests/parse.exp
--- a/usr.bin/make/unit-tests/parse.exp Sun Jul 24 20:05:08 2022 +0000
+++ b/usr.bin/make/unit-tests/parse.exp Sun Jul 24 20:25:23 2022 +0000
@@ -1,5 +1,6 @@
 make: "parse.mk" line 7: Makefile appears to contain unresolved CVS/RCS/??? merge conflicts
 make: "parse.mk" line 14: Makefile appears to contain unresolved CVS/RCS/??? merge conflicts
+make: "parse.mk" line 24: Invalid line type
 make: Fatal errors encountered -- cannot continue
 make: stopped in unit-tests
 exit status 1
diff -r 6d29aa3fd7a1 -r 19892b71aa49 usr.bin/make/unit-tests/parse.mk
--- a/usr.bin/make/unit-tests/parse.mk  Sun Jul 24 20:05:08 2022 +0000
+++ b/usr.bin/make/unit-tests/parse.mk  Sun Jul 24 20:25:23 2022 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: parse.mk,v 1.2 2022/01/22 17:10:51 rillig Exp $
+# $NetBSD: parse.mk,v 1.3 2022/07/24 20:25:23 rillig Exp $
 #
 # Test those parts of the parsing that do not belong in any of the other
 # categories.
@@ -12,3 +12,13 @@
 
 # expect+1: Makefile appears to contain unresolved CVS/RCS/??? merge conflicts
 >>>>>> new
+
+
+# Since parse.c 1.578 from 2021-12-14 and before parse.c 1.681 from
+# 2022-07-24, if a line of a makefile could only be a dependency specification
+# but didn't contain any of the dependency operators ':', '!', '::' and its
+# expansion ended with a space, make read a single byte from the memory beyond
+# the expanded line's terminating '\0'.
+#
+# https://bugs.freebsd.org/265119
+one-target ${:U }