CVS commit: src/usr.bin/make

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/usr.bin/make
From: "Roland Illig" <rillig%netbsd.org@localhost>
Date: Sun, 21 Apr 2024 08:56:49 +0000

Module Name:    src
Committed By:   rillig
Date:           Sun Apr 21 08:56:49 UTC 2024

Modified Files:
        src/usr.bin/make: var.c

Log Message:
make: fix out-of-bounds read when evaluating :gmtime and :localtime

The function TryParseTime takes a pointer to a string, but the LazyBuf
returns a Substring, which is not guaranteed to be null-terminated or
delimited.  In TryParseTime, calling strtoul on the Substring read past
the end of the substring.

Noticed in the NetBSD build in libntp, where the :gmtime modifier is
used in two places with the same timestamp value, of which the first was
evaluated correctly and the second wasn't.

The bug was introduced in var.c 1.1050 from 2023-05-09, when the
argument of the :gmtime and :localtime modifiers was allowed to be an
expression instead of an integer constant.


To generate a diff of this commit:
cvs rdiff -u -r1.1102 -r1.1103 src/usr.bin/make/var.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/sys/external/bsd/drm2/dist/drm
Next by Date: CVS commit: src/sys/arch
Previous by Thread: CVS commit: src/sys/external/bsd/drm2/dist/drm
Next by Thread: CVS commit: src/sys/arch
Indexes:

Home | Main Index | Thread Index | Old Index