Update awk to Aug 30, 2022 version.

Various leaks and use-after-free issues plugged/fixed.

diff --git a/usr.bin/awk/FIXES b/usr.bin/awk/FIXES
index e5ee5cf..ec76a4e 100644 (file)
--- a/usr.bin/awk/FIXES
+++ b/usr.bin/awk/FIXES
@@ -23,8 +23,11 @@ THIS SOFTWARE.
 ****************************************************************/
 
 This file lists all bug fixes, changes, etc., made since the AWK book
-was sent to the printers in August, 1987.
+was sent to the printers in August 1987.
 
+Aug 30, 2022:
+       Various leaks and use-after-free issues plugged/fixed.
+       Thanks to Miguel Pineiro Jr. <mpj@pineiro.cc>.
 
 May 23, 2022:
        Memory leak when assigning a string to some of the built-in
@@ -326,7 +329,7 @@ Mar 3, 2019:
        #12: Avoid undefined behaviour when using ctype(3) functions in
             relex(). Thanks to GitHub user iamleot.
        #31: Make getline handle numeric strings, and update FIXES. Thanks
-            to GitHub user arnoldrobbins.
+            to GitHub user Arnold Robbins (arnoldrobbins)
        #32: maketab: support build systems with read-only source. Thanks
             to GitHub user enh.
 

diff --git a/usr.bin/awk/awk.h b/usr.bin/awk/awk.h
index 25dfec2..1c389ce 100644 (file)
--- a/usr.bin/awk/awk.h
+++ b/usr.bin/awk/awk.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: awk.h,v 1.27 2020/08/28 16:29:16 millert Exp $        */
+/*     $OpenBSD: awk.h,v 1.28 2022/09/01 15:21:28 millert Exp $        */
 /****************************************************************
 Copyright (C) Lucent Technologies 1997
 All Rights Reserved
@@ -38,7 +38,7 @@ typedef double        Awkfloat;
 
 typedef        unsigned char uschar;
 
-#define        xfree(a)        { if ((a) != NULL) { free((void *)(intptr_t)(a)); (a) = NULL; } }
+#define        xfree(a)        { free((void *)(intptr_t)(a)); (a) = NULL; }
 /*
  * We sometimes cheat writing read-only pointers to NUL-terminate them
  * and then put back the original value

diff --git a/usr.bin/awk/awkgram.y b/usr.bin/awk/awkgram.y
index 4d76c9d..f9a5330 100644 (file)
--- a/usr.bin/awk/awkgram.y
+++ b/usr.bin/awk/awkgram.y
@@ -1,4 +1,4 @@
-/*     $OpenBSD: awkgram.y,v 1.14 2020/06/13 01:21:01 millert Exp $    */
+/*     $OpenBSD: awkgram.y,v 1.15 2022/09/01 15:21:28 millert Exp $    */
 /****************************************************************
 Copyright (C) Lucent Technologies 1997
 All Rights Reserved
@@ -207,9 +207,10 @@ ppattern:
                { $$ = op2(AND, notnull($1), notnull($3)); }
        | ppattern MATCHOP reg_expr     { $$ = op3($2, NIL, $1, (Node*)makedfa($3, 0)); }
        | ppattern MATCHOP ppattern
-               { if (constnode($3))
+               { if (constnode($3)) {
                        $$ = op3($2, NIL, $1, (Node*)makedfa(strnode($3), 0));
-                 else
+                       free($3);
+                 } else
                        $$ = op3($2, (Node *)1, $1, $3); }
        | ppattern IN varname           { $$ = op2(INTEST, $1, makearr($3)); }
        | '(' plist ')' IN varname      { $$ = op2(INTEST, $2, makearr($5)); }
@@ -234,9 +235,10 @@ pattern:
        | pattern NE pattern            { $$ = op2($2, $1, $3); }
        | pattern MATCHOP reg_expr      { $$ = op3($2, NIL, $1, (Node*)makedfa($3, 0)); }
        | pattern MATCHOP pattern
-               { if (constnode($3))
+               { if (constnode($3)) {
                        $$ = op3($2, NIL, $1, (Node*)makedfa(strnode($3), 0));
-                 else
+                       free($3);
+                 } else
                        $$ = op3($2, (Node *)1, $1, $3); }
        | pattern IN varname            { $$ = op2(INTEST, $1, makearr($3)); }
        | '(' plist ')' IN varname      { $$ = op2(INTEST, $2, makearr($5)); }
@@ -379,17 +381,19 @@ term:
        | GENSUB '(' reg_expr comma pattern comma pattern ')'
                { $$ = op5(GENSUB, NIL, (Node*)makedfa($3, 1), $5, $7, rectonode()); }
        | GENSUB '(' pattern comma pattern comma pattern ')'
-               { if (constnode($3))
+               { if (constnode($3)) {
                        $$ = op5(GENSUB, NIL, (Node *)makedfa(strnode($3), 1), $5, $7, rectonode());
-                 else
+                       free($3);
+                 } else
                        $$ = op5(GENSUB, (Node *)1, $3, $5, $7, rectonode());
                }
        | GENSUB '(' reg_expr comma pattern comma pattern comma pattern ')'
                { $$ = op5(GENSUB, NIL, (Node*)makedfa($3, 1), $5, $7, $9); }
        | GENSUB '(' pattern comma pattern comma pattern comma pattern ')'
-               { if (constnode($3))
+               { if (constnode($3)) {
                        $$ = op5(GENSUB, NIL, (Node *)makedfa(strnode($3),1), $5,$7,$9);
-                 else
+                       free($3);
+                 } else
                        $$ = op5(GENSUB, (Node *)1, $3, $5, $7, $9);
                }
        | GETLINE var LT term           { $$ = op3(GETLINE, $2, itonp($3), $4); }
@@ -405,9 +409,10 @@ term:
        | MATCHFCN '(' pattern comma reg_expr ')'
                { $$ = op3(MATCHFCN, NIL, $3, (Node*)makedfa($5, 1)); }
        | MATCHFCN '(' pattern comma pattern ')'
-               { if (constnode($5))
+               { if (constnode($5)) {
                        $$ = op3(MATCHFCN, NIL, $3, (Node*)makedfa(strnode($5), 1));
-                 else
+                       free($5);
+                 } else
                        $$ = op3(MATCHFCN, (Node *)1, $3, $5); }
        | NUMBER                        { $$ = celltonode($1, CCON); }
        | SPLIT '(' pattern comma varname comma pattern ')'     /* string */
@@ -421,16 +426,18 @@ term:
        | subop '(' reg_expr comma pattern ')'
                { $$ = op4($1, NIL, (Node*)makedfa($3, 1), $5, rectonode()); }
        | subop '(' pattern comma pattern ')'
-               { if (constnode($3))
+               { if (constnode($3)) {
                        $$ = op4($1, NIL, (Node*)makedfa(strnode($3), 1), $5, rectonode());
-                 else
+                       free($3);
+                 } else
                        $$ = op4($1, (Node *)1, $3, $5, rectonode()); }
        | subop '(' reg_expr comma pattern comma var ')'
                { $$ = op4($1, NIL, (Node*)makedfa($3, 1), $5, $7); }
        | subop '(' pattern comma pattern comma var ')'
-               { if (constnode($3))
+               { if (constnode($3)) {
                        $$ = op4($1, NIL, (Node*)makedfa(strnode($3), 1), $5, $7);
-                 else
+                       free($3);
+                 } else
                        $$ = op4($1, (Node *)1, $3, $5, $7); }
        | SUBSTR '(' pattern comma pattern comma pattern ')'
                { $$ = op3(SUBSTR, $3, $5, $7); }

diff --git a/usr.bin/awk/lex.c b/usr.bin/awk/lex.c
index 42feeae..39c9a05 100644 (file)
--- a/usr.bin/awk/lex.c
+++ b/usr.bin/awk/lex.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: lex.c,v 1.27 2020/12/09 20:00:11 millert Exp $        */
+/*     $OpenBSD: lex.c,v 1.28 2022/09/01 15:21:28 millert Exp $        */
 /****************************************************************
 Copyright (C) Lucent Technologies 1997
 All Rights Reserved
@@ -536,7 +536,7 @@ int regexpr(void)
        char *bp, *cstart;
 
        if (buf == NULL && (buf = (char *) malloc(bufsz)) == NULL)
-               FATAL("out of space for rex expr");
+               FATAL("out of space for reg expr");
        bp = buf;
        for ( ; ((c = input()) != '/' || openclass > 0) && c != 0; ) {
                if (!adjbuf(&buf, &bufsz, bp-buf+3, 500, &bp, "regexpr"))
@@ -579,7 +579,7 @@ int regexpr(void)
        *bp = 0;
        if (c == 0)
                SYNTAX("non-terminated regular expression %.10s...", buf);
-       yylval.s = tostring(buf);
+       yylval.s = buf;
        unput('/');
        RET(REGEXPR);
 }

diff --git a/usr.bin/awk/lib.c b/usr.bin/awk/lib.c
index 0b58ed5..87cc78e 100644 (file)
--- a/usr.bin/awk/lib.c
+++ b/usr.bin/awk/lib.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: lib.c,v 1.48 2022/06/03 19:42:27 millert Exp $        */
+/*     $OpenBSD: lib.c,v 1.49 2022/09/01 15:21:28 millert Exp $        */
 /****************************************************************
 Copyright (C) Lucent Technologies 1997
 All Rights Reserved
@@ -311,6 +311,7 @@ void setclvar(char *s)      /* set var=value from s */
                q->tval |= NUM;
        }
        DPRINTF("command line set %s to |%s|\n", s, p);
+       free(p);
        *e = '=';
 }
 

diff --git a/usr.bin/awk/main.c b/usr.bin/awk/main.c
index 6ce4ed5..6edec09 100644 (file)
--- a/usr.bin/awk/main.c
+++ b/usr.bin/awk/main.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: main.c,v 1.54 2022/06/03 19:46:09 millert Exp $       */
+/*     $OpenBSD: main.c,v 1.55 2022/09/01 15:21:28 millert Exp $       */
 /****************************************************************
 Copyright (C) Lucent Technologies 1997
 All Rights Reserved
@@ -23,7 +23,7 @@ ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
 THIS SOFTWARE.
 ****************************************************************/
 
-const char     *version = "version 20220530";
+const char     *version = "version 20220830";
 
 #define DEBUG
 #include <stdio.h>

diff --git a/usr.bin/awk/run.c b/usr.bin/awk/run.c
index 860911a..0551595 100644 (file)
--- a/usr.bin/awk/run.c
+++ b/usr.bin/awk/run.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: run.c,v 1.72 2022/06/03 19:40:56 millert Exp $        */
+/*     $OpenBSD: run.c,v 1.73 2022/09/01 15:21:28 millert Exp $        */
 /****************************************************************
 Copyright (C) Lucent Technologies 1997
 All Rights Reserved
@@ -972,8 +972,10 @@ int format(char **pbuf, int *pbufsize, const char *s, Node *a)     /* printf-like co
        }
        *p = '\0';
        free(fmt);
-       for ( ; a; a = a->nnext)                /* evaluate any remaining args */
-               execute(a);
+       for ( ; a; a = a->nnext) {              /* evaluate any remaining args */
+               x = execute(a);
+               tempfree(x);
+       }
        *pbuf = buf;
        *pbufsize = bufsize;
        return p - buf;
@@ -1269,6 +1271,7 @@ Cell *split(Node **a, int nnn)    /* split(a[0], a[1], a[2]); a[3] is type */
        origs = s = strdup(getsval(y));
        if (s == NULL)
                FATAL("out of space in split");
+       tempfree(y);
        arg3type = ptoi(a[3]);
        if (a[2] == NULL)               /* fs string */
                fs = getsval(fsloc);
@@ -1391,7 +1394,6 @@ Cell *split(Node **a, int nnn)    /* split(a[0], a[1], a[2]); a[3] is type */
                }
        }
        tempfree(ap);
-       tempfree(y);
        xfree(origs);
        xfree(origfs);
        x = gettemp();
@@ -1836,8 +1838,10 @@ Cell *bltin(Node **a, int n)     /* builtin functions. a[0] is type, a[1] is arg lis
        setfval(x, u);
        if (nextarg != NULL) {
                WARNING("warning: function has too many arguments");
-               for ( ; nextarg; nextarg = nextarg->nnext)
-                       execute(nextarg);
+               for ( ; nextarg; nextarg = nextarg->nnext) {
+                       y = execute(nextarg);
+                       tempfree(y);
+               }
        }
        return(x);
 }