From 1ba75be16dd230788bd7e15f8304ec0b071c3ce1 Mon Sep 17 00:00:00 2001
From: millert
Date: Sat, 28 Oct 2023 22:38:22 +0000
Subject: [PATCH] substr: fix buffer overflow with utf-8 strings

We need to use u8_strlen(), not strlen(), to compute the length. Otherwise, there may be an out of bounds write when writing the NUL terminator to set the length of the substring. https://github.com/onetrueawk/awk/pull/205
---
usr.bin/awk/run.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/usr.bin/awk/run.c b/usr.bin/awk/run.c
index 1c1b72c6dd8..6e72ec1ceb7 100644
--- a/usr.bin/awk/run.c
+++ b/usr.bin/awk/run.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: run.c,v 1.79 2023/10/06 22:29:24 millert Exp $ */
+/* $OpenBSD: run.c,v 1.80 2023/10/28 22:38:22 millert Exp $ */
 /****************************************************************
 Copyright (C) Lucent Technologies 1997
 All Rights Reserved
@@ -986,7 +986,7 @@ Cell *substr(Node **a, int nnn) /* substr(a[0], a[1], a[2]) */
 if (a[2] != NULL)
 z = execute(a[2]);
 s = getsval(x);
- k = strlen(s) + 1;
+ k = u8_strlen(s) + 1;
 if (k <= 1) {
 tempfree(x);
 tempfree(y);
-- 
2.20.1
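Review bot: The assignment `k = u8_strlen(s) + 1;` in the substr hunk silently changes `k` from a byte count to a character count, and nothing at that line records the unit. Since the commit message ties the overflow to the NUL terminator being written out of bounds, a comment such as `/* k: length of s in UTF-8 characters, plus one; not a byte count, so convert to a byte offset before indexing s */` would keep a later edit from mixing the two units again. The clamping of the start and length against `k` and the terminator write itself are outside this hunk (substr's body begins before and continues after it), so whether every remaining use of `k` is in character units should be confirmed there. The diffstat shows only run.c changed; a regression case that calls substr on a multibyte string would pin the fix.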