Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/usr.bin/make make: fix use-after-free in -dp mode (since yes...
details: https://anonhg.NetBSD.org/src/rev/d2cfe02af055
branches: trunk
changeset: 359549:d2cfe02af055
user: rillig <rillig%NetBSD.org@localhost>
date: Sun Jan 09 12:43:52 2022 +0000
description:
make: fix use-after-free in -dp mode (since yesterday)
In a .for loop that contains an unclosed .if directive,
Cond_restore_depth generates an error message. If stack traces are
enabled using the option '-dp', the details of the .for loop are added
to the stack trace, but at that point, the ForLoop had already been
freed. To reproduce:
make-2022.01.09.00.33.57 -r -f unit-tests/directive-for.mk -dp
diffstat:
usr.bin/make/for.c | 22 ++++++++++++----------
usr.bin/make/nonints.h | 3 ++-
usr.bin/make/parse.c | 6 ++++--
3 files changed, 18 insertions(+), 13 deletions(-)
diffs (104 lines):
diff -r 6909c4c94f3e -r d2cfe02af055 usr.bin/make/for.c
--- a/usr.bin/make/for.c Sun Jan 09 11:43:58 2022 +0000
+++ b/usr.bin/make/for.c Sun Jan 09 12:43:52 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: for.c,v 1.162 2022/01/09 00:33:57 rillig Exp $ */
+/* $NetBSD: for.c,v 1.163 2022/01/09 12:43:52 rillig Exp $ */
/*
* Copyright (c) 1992, The Regents of the University of California.
@@ -58,7 +58,7 @@
#include "make.h"
/* "@(#)for.c 8.1 (Berkeley) 6/6/93" */
-MAKE_RCSID("$NetBSD: for.c,v 1.162 2022/01/09 00:33:57 rillig Exp $");
+MAKE_RCSID("$NetBSD: for.c,v 1.163 2022/01/09 12:43:52 rillig Exp $");
typedef struct ForLoop {
@@ -85,7 +85,7 @@
return f;
}
-static void
+void
ForLoop_Free(ForLoop *f)
{
while (f->vars.len > 0)
@@ -101,11 +101,16 @@
char *
ForLoop_Details(ForLoop *f)
{
- size_t i, n = f->vars.len;
- const char **vars = f->vars.items;
- const Substring *items = f->items.words + f->nextItem - n;
+ size_t i, n;
+ const char **vars;
+ const Substring *items;
Buffer buf;
+ n = f->vars.len;
+ vars = f->vars.items;
+ assert(f->nextItem >= n);
+ items = f->items.words + f->nextItem - n;
+
Buf_Init(&buf);
for (i = 0; i < n; i++) {
if (i > 0)
@@ -474,11 +479,8 @@
bool
For_NextIteration(ForLoop *f, Buffer *body)
{
- if (f->nextItem == f->items.len) {
- /* No more iterations */
- ForLoop_Free(f);
+ if (f->nextItem == f->items.len)
return false;
- }
ForLoop_SubstBody(f, body);
DEBUG1(FOR, "For: loop body:\n%s", body->data);
diff -r 6909c4c94f3e -r d2cfe02af055 usr.bin/make/nonints.h
--- a/usr.bin/make/nonints.h Sun Jan 09 11:43:58 2022 +0000
+++ b/usr.bin/make/nonints.h Sun Jan 09 12:43:52 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: nonints.h,v 1.235 2022/01/08 23:52:26 rillig Exp $ */
+/* $NetBSD: nonints.h,v 1.236 2022/01/09 12:43:52 rillig Exp $ */
/*
* Copyright (c) 1988, 1989, 1990, 1993
@@ -122,6 +122,7 @@
void For_Run(int, int);
bool For_NextIteration(struct ForLoop *, Buffer *);
char *ForLoop_Details(struct ForLoop *);
+void ForLoop_Free(struct ForLoop *);
/* job.c */
void JobReapChild(pid_t, int, bool);
diff -r 6909c4c94f3e -r d2cfe02af055 usr.bin/make/parse.c
--- a/usr.bin/make/parse.c Sun Jan 09 11:43:58 2022 +0000
+++ b/usr.bin/make/parse.c Sun Jan 09 12:43:52 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: parse.c,v 1.646 2022/01/09 11:43:58 rillig Exp $ */
+/* $NetBSD: parse.c,v 1.647 2022/01/09 12:43:52 rillig Exp $ */
/*
* Copyright (c) 1988, 1989, 1990, 1993
@@ -106,7 +106,7 @@
#include "pathnames.h"
/* "@(#)parse.c 8.3 (Berkeley) 3/19/94" */
-MAKE_RCSID("$NetBSD: parse.c,v 1.646 2022/01/09 11:43:58 rillig Exp $");
+MAKE_RCSID("$NetBSD: parse.c,v 1.647 2022/01/09 12:43:52 rillig Exp $");
/*
* A file being read.
@@ -2253,6 +2253,8 @@
FStr_Done(&curFile->name);
Buf_Done(&curFile->buf);
+ if (curFile->forLoop != NULL)
+ ForLoop_Free(curFile->forLoop);
Vector_Pop(&includes);
if (includes.len == 0) {
Home |
Main Index |
Thread Index |
Old Index