Bug 214973
| Summary: | bmake segfault on parenthesized variables. | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Base System | Reporter: | Ori Bernstein <ori> | ||||
| Component: | bin | Assignee: | freebsd-toolchain (Nobody) <toolchain> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Many People | CC: | markj | ||||
| Priority: | --- | Keywords: | patch | ||||
| Version: | 11.0-STABLE | ||||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
This appears to have been fixed since the bug report was submitted - I can't reproduce the crash on supported FreeBSD versions. Please re-open if you find this not to be the case. |
Created attachment 177565 [details] Fixes segfault in bmake. Possibly sketchy. Turns out that I can trivially segfault make with this input: (FOO)=val This happens because in /usr/src/contrib/bmake/parse.c:1862 or so, we start off with: for (depth = 0, cp = line + 1; depth > 0 || *cp != '='; cp++) { which skips over the opening '(', meaning that when we see the closing ')', the depth becomes negative, and we never break out of the loop, eventually reading outside of mapped memory. Starting off with 'cp = line', as in the attached patch, seems to work, although I'm a bit suspicious about it breaking some subtle case when parsing variables. Still, I tested by: cd /usr/src/usr.bin/bmake; make; make install cd /usr/src/lib/libc; make clean; make Seems to work. 'make world' is running now.