From: millert <millert@openbsd.org>
Date: Thu, 1 Sep 2022 15:21:28 +0000 (+0000)
Subject: Update awk to Aug 30, 2022 version.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=dd20eed5342e3efda7af3aec17f18ff45fc06db6;p=openbsd

Update awk to Aug 30, 2022 version.
Various leaks and use-after-free issues plugged/fixed.
---

diff --git a/usr.bin/awk/FIXES b/usr.bin/awk/FIXES
index e5ee5cfc803..ec76a4ee1b8 100644
--- a/usr.bin/awk/FIXES
+++ b/usr.bin/awk/FIXES
@@ -23,8 +23,11 @@ THIS SOFTWARE.
 ****************************************************************/
 
 This file lists all bug fixes, changes, etc., made since the AWK book
-was sent to the printers in August, 1987.
+was sent to the printers in August 1987.
 
+Aug 30, 2022:
+	Various leaks and use-after-free issues plugged/fixed.
+	Thanks to Miguel Pineiro Jr. <mpj@pineiro.cc>.
 
 May 23, 2022:
 	Memory leak when assigning a string to some of the built-in
@@ -326,7 +329,7 @@ Mar 3, 2019:
 	#12: Avoid undefined behaviour when using ctype(3) functions in
 	     relex(). Thanks to GitHub user iamleot.
 	#31: Make getline handle numeric strings, and update FIXES. Thanks
-	     to GitHub user arnoldrobbins.
+	     to GitHub user Arnold Robbins (arnoldrobbins)
 	#32: maketab: support build systems with read-only source. Thanks
 	     to GitHub user enh.
 
diff --git a/usr.bin/awk/awk.h b/usr.bin/awk/awk.h
index 25dfec2fcc4..1c389ce8c20 100644
--- a/usr.bin/awk/awk.h
+++ b/usr.bin/awk/awk.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: awk.h,v 1.27 2020/08/28 16:29:16 millert Exp $	*/
+/*	$OpenBSD: awk.h,v 1.28 2022/09/01 15:21:28 millert Exp $	*/
 /****************************************************************
 Copyright (C) Lucent Technologies 1997
 All Rights Reserved
@@ -38,7 +38,7 @@ typedef double	Awkfloat;
 
 typedef	unsigned char uschar;
 
-#define	xfree(a)	{ if ((a) != NULL) { free((void *)(intptr_t)(a)); (a) = NULL; } }
+#define	xfree(a)	{ free((void *)(intptr_t)(a)); (a) = NULL; }
 /*
  * We sometimes cheat writing read-only pointers to NUL-terminate them
  * and then put back the original value
diff --git a/usr.bin/awk/awkgram.y b/usr.bin/awk/awkgram.y
index 4d76c9d5e22..f9a5330078b 100644
--- a/usr.bin/awk/awkgram.y
+++ b/usr.bin/awk/awkgram.y
@@ -1,4 +1,4 @@
-/*	$OpenBSD: awkgram.y,v 1.14 2020/06/13 01:21:01 millert Exp $	*/
+/*	$OpenBSD: awkgram.y,v 1.15 2022/09/01 15:21:28 millert Exp $	*/
 /****************************************************************
 Copyright (C) Lucent Technologies 1997
 All Rights Reserved
@@ -207,9 +207,10 @@ ppattern:
 		{ $$ = op2(AND, notnull($1), notnull($3)); }
 	| ppattern MATCHOP reg_expr	{ $$ = op3($2, NIL, $1, (Node*)makedfa($3, 0)); }
 	| ppattern MATCHOP ppattern
-		{ if (constnode($3))
+		{ if (constnode($3)) {
 			$$ = op3($2, NIL, $1, (Node*)makedfa(strnode($3), 0));
-		  else
+			free($3);
+		  } else
 			$$ = op3($2, (Node *)1, $1, $3); }
 	| ppattern IN varname		{ $$ = op2(INTEST, $1, makearr($3)); }
 	| '(' plist ')' IN varname	{ $$ = op2(INTEST, $2, makearr($5)); }
@@ -234,9 +235,10 @@ pattern:
 	| pattern NE pattern		{ $$ = op2($2, $1, $3); }
 	| pattern MATCHOP reg_expr	{ $$ = op3($2, NIL, $1, (Node*)makedfa($3, 0)); }
 	| pattern MATCHOP pattern
-		{ if (constnode($3))
+		{ if (constnode($3)) {
 			$$ = op3($2, NIL, $1, (Node*)makedfa(strnode($3), 0));
-		  else
+			free($3);
+		  } else
 			$$ = op3($2, (Node *)1, $1, $3); }
 	| pattern IN varname		{ $$ = op2(INTEST, $1, makearr($3)); }
 	| '(' plist ')' IN varname	{ $$ = op2(INTEST, $2, makearr($5)); }
@@ -379,17 +381,19 @@ term:
 	| GENSUB '(' reg_expr comma pattern comma pattern ')'
 		{ $$ = op5(GENSUB, NIL, (Node*)makedfa($3, 1), $5, $7, rectonode()); }
 	| GENSUB '(' pattern comma pattern comma pattern ')'
-		{ if (constnode($3))
+		{ if (constnode($3)) {
 			$$ = op5(GENSUB, NIL, (Node *)makedfa(strnode($3), 1), $5, $7, rectonode());
-		  else
+			free($3);
+		  } else
 			$$ = op5(GENSUB, (Node *)1, $3, $5, $7, rectonode());
 		}
 	| GENSUB '(' reg_expr comma pattern comma pattern comma pattern ')'
 		{ $$ = op5(GENSUB, NIL, (Node*)makedfa($3, 1), $5, $7, $9); }
 	| GENSUB '(' pattern comma pattern comma pattern comma pattern ')'
-		{ if (constnode($3))
+		{ if (constnode($3)) {
 			$$ = op5(GENSUB, NIL, (Node *)makedfa(strnode($3),1), $5,$7,$9);
-		  else
+			free($3);
+		  } else
 			$$ = op5(GENSUB, (Node *)1, $3, $5, $7, $9);
 		}
 	| GETLINE var LT term		{ $$ = op3(GETLINE, $2, itonp($3), $4); }
@@ -405,9 +409,10 @@ term:
 	| MATCHFCN '(' pattern comma reg_expr ')'
 		{ $$ = op3(MATCHFCN, NIL, $3, (Node*)makedfa($5, 1)); }
 	| MATCHFCN '(' pattern comma pattern ')'
-		{ if (constnode($5))
+		{ if (constnode($5)) {
 			$$ = op3(MATCHFCN, NIL, $3, (Node*)makedfa(strnode($5), 1));
-		  else
+			free($5);
+		  } else
 			$$ = op3(MATCHFCN, (Node *)1, $3, $5); }
 	| NUMBER			{ $$ = celltonode($1, CCON); }
 	| SPLIT '(' pattern comma varname comma pattern ')'     /* string */
@@ -421,16 +426,18 @@ term:
 	| subop '(' reg_expr comma pattern ')'
 		{ $$ = op4($1, NIL, (Node*)makedfa($3, 1), $5, rectonode()); }
 	| subop '(' pattern comma pattern ')'
-		{ if (constnode($3))
+		{ if (constnode($3)) {
 			$$ = op4($1, NIL, (Node*)makedfa(strnode($3), 1), $5, rectonode());
-		  else
+			free($3);
+		  } else
 			$$ = op4($1, (Node *)1, $3, $5, rectonode()); }
 	| subop '(' reg_expr comma pattern comma var ')'
 		{ $$ = op4($1, NIL, (Node*)makedfa($3, 1), $5, $7); }
 	| subop '(' pattern comma pattern comma var ')'
-		{ if (constnode($3))
+		{ if (constnode($3)) {
 			$$ = op4($1, NIL, (Node*)makedfa(strnode($3), 1), $5, $7);
-		  else
+			free($3);
+		  } else
 			$$ = op4($1, (Node *)1, $3, $5, $7); }
 	| SUBSTR '(' pattern comma pattern comma pattern ')'
 		{ $$ = op3(SUBSTR, $3, $5, $7); }
diff --git a/usr.bin/awk/lex.c b/usr.bin/awk/lex.c
index 42feeae9962..39c9a05abf1 100644
--- a/usr.bin/awk/lex.c
+++ b/usr.bin/awk/lex.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: lex.c,v 1.27 2020/12/09 20:00:11 millert Exp $	*/
+/*	$OpenBSD: lex.c,v 1.28 2022/09/01 15:21:28 millert Exp $	*/
 /****************************************************************
 Copyright (C) Lucent Technologies 1997
 All Rights Reserved
@@ -536,7 +536,7 @@ int regexpr(void)
 	char *bp, *cstart;
 
 	if (buf == NULL && (buf = (char *) malloc(bufsz)) == NULL)
-		FATAL("out of space for rex expr");
+		FATAL("out of space for reg expr");
 	bp = buf;
 	for ( ; ((c = input()) != '/' || openclass > 0) && c != 0; ) {
 		if (!adjbuf(&buf, &bufsz, bp-buf+3, 500, &bp, "regexpr"))
@@ -579,7 +579,7 @@ int regexpr(void)
 	*bp = 0;
 	if (c == 0)
 		SYNTAX("non-terminated regular expression %.10s...", buf);
-	yylval.s = tostring(buf);
+	yylval.s = buf;
 	unput('/');
 	RET(REGEXPR);
 }
diff --git a/usr.bin/awk/lib.c b/usr.bin/awk/lib.c
index 0b58ed55e5a..87cc78ea58a 100644
--- a/usr.bin/awk/lib.c
+++ b/usr.bin/awk/lib.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: lib.c,v 1.48 2022/06/03 19:42:27 millert Exp $	*/
+/*	$OpenBSD: lib.c,v 1.49 2022/09/01 15:21:28 millert Exp $	*/
 /****************************************************************
 Copyright (C) Lucent Technologies 1997
 All Rights Reserved
@@ -311,6 +311,7 @@ void setclvar(char *s)	/* set var=value from s */
 		q->tval |= NUM;
 	}
 	DPRINTF("command line set %s to |%s|\n", s, p);
+	free(p);
 	*e = '=';
 }
 
diff --git a/usr.bin/awk/main.c b/usr.bin/awk/main.c
index 6ce4ed58d4b..6edec091924 100644
--- a/usr.bin/awk/main.c
+++ b/usr.bin/awk/main.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: main.c,v 1.54 2022/06/03 19:46:09 millert Exp $	*/
+/*	$OpenBSD: main.c,v 1.55 2022/09/01 15:21:28 millert Exp $	*/
 /****************************************************************
 Copyright (C) Lucent Technologies 1997
 All Rights Reserved
@@ -23,7 +23,7 @@ ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
 THIS SOFTWARE.
 ****************************************************************/
 
-const char	*version = "version 20220530";
+const char	*version = "version 20220830";
 
 #define DEBUG
 #include <stdio.h>
diff --git a/usr.bin/awk/run.c b/usr.bin/awk/run.c
index 860911acc40..055159584c4 100644
--- a/usr.bin/awk/run.c
+++ b/usr.bin/awk/run.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: run.c,v 1.72 2022/06/03 19:40:56 millert Exp $	*/
+/*	$OpenBSD: run.c,v 1.73 2022/09/01 15:21:28 millert Exp $	*/
 /****************************************************************
 Copyright (C) Lucent Technologies 1997
 All Rights Reserved
@@ -972,8 +972,10 @@ int format(char **pbuf, int *pbufsize, const char *s, Node *a)	/* printf-like co
 	}
 	*p = '\0';
 	free(fmt);
-	for ( ; a; a = a->nnext)		/* evaluate any remaining args */
-		execute(a);
+	for ( ; a; a = a->nnext) {		/* evaluate any remaining args */
+		x = execute(a);
+		tempfree(x);
+	}
 	*pbuf = buf;
 	*pbufsize = bufsize;
 	return p - buf;
@@ -1269,6 +1271,7 @@ Cell *split(Node **a, int nnn)	/* split(a[0], a[1], a[2]); a[3] is type */
 	origs = s = strdup(getsval(y));
 	if (s == NULL)
 		FATAL("out of space in split");
+	tempfree(y);
 	arg3type = ptoi(a[3]);
 	if (a[2] == NULL)		/* fs string */
 		fs = getsval(fsloc);
@@ -1391,7 +1394,6 @@ Cell *split(Node **a, int nnn)	/* split(a[0], a[1], a[2]); a[3] is type */
 		}
 	}
 	tempfree(ap);
-	tempfree(y);
 	xfree(origs);
 	xfree(origfs);
 	x = gettemp();
@@ -1836,8 +1838,10 @@ Cell *bltin(Node **a, int n)	/* builtin functions. a[0] is type, a[1] is arg lis
 	setfval(x, u);
 	if (nextarg != NULL) {
 		WARNING("warning: function has too many arguments");
-		for ( ; nextarg; nextarg = nextarg->nnext)
-			execute(nextarg);
+		for ( ; nextarg; nextarg = nextarg->nnext) {
+			y = execute(nextarg);
+			tempfree(y);
+		}
 	}
 	return(x);
 }