Bug 214973 - bmake segfault on parenthesized variables.
Summary: bmake segfault on parenthesized variables.
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 11.0-STABLE
Hardware: Any Any
Importance: --- Affects Many People
Assignee: freebsd-toolchain (Nobody)
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2016-12-01 04:27 UTC by Ori Bernstein
Modified: 2024-01-29 19:10 UTC (History)

See Also:


Attachments
Fixes segfault in bmake. Possibly sketchy. (435 bytes, patch)
2016-12-01 04:27 UTC, Ori Bernstein

Description Ori Bernstein 2016-12-01 04:27:40 UTC
Created attachment 177565
Fixes segfault in bmake. Possibly sketchy.

Turns out that I can trivially segfault make with this input:

	(FOO)=val

This happens because in /usr/src/contrib/bmake/parse.c:1862 or
so, we start off with:

	for (depth = 0, cp = line + 1; depth > 0 || *cp != '='; cp++) {

which skips over the opening '(', meaning that when we see the closing ')',
the depth becomes negative, and we never break out of the loop, eventually
reading outside of mapped memory.

Starting off with 'cp = line', as in the attached patch, seems to work,
although I'm a bit suspicious about it breaking some subtle case when
parsing variables.

Still, I tested by:

	cd /usr/src/usr.bin/bmake; make; make install
	cd /usr/src/lib/libc; make clean; make
	
Seems to work. 'make world' is running now.
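The depth accounting the report describes, as an added example that is not code from bmake, from the attached patch, or from the reporter. It models the quoted scan on a bounded buffer: the quoted loop has no end-of-string check, so this model adds one and reports a would-be overrun instead of reading past the string. Which brackets the loop body counts ('(' '{' ')' '}') and the `struct scan_result` / `scan_assignment` names are assumptions made for the example; `start == 1` stands for the original `cp = line + 1`, `start == 0` for the patched `cp = line`.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added example, not bmake's parse.c: a bounded model of the
 * depth-counting scan for the '=' of a variable assignment.
 */
struct scan_result {
    int eq_offset;   /* offset of the '=' that ended the scan, or -1 */
    int depth;       /* bracket depth when the scan stopped */
    int overrun;     /* 1 if the NUL was reached before any '=' */
};

/*
 * start == 1 models the report's "cp = line + 1"; start == 0 models
 * the patched "cp = line".  Bracket characters counted are an
 * assumption about what the real loop body tracks.
 */
static struct scan_result
scan_assignment(const char *line, int start)
{
    struct scan_result r = { -1, 0, 0 };
    const char *cp;
    int depth = 0;

    for (cp = line + start; depth > 0 || *cp != '='; cp++) {
        if (*cp == '\0') {          /* the bound the quoted loop lacks */
            r.overrun = 1;
            break;
        }
        if (*cp == '(' || *cp == '{')
            depth++;
        else if (*cp == ')' || *cp == '}')
            depth--;
    }
    r.depth = depth;
    if (!r.overrun)
        r.eq_offset = (int)(cp - line);
    return r;
}

/* 1 if the scan found an '=' and the bracket depth was back to zero. */
static int
scan_is_balanced(const char *line, int start)
{
    struct scan_result r = scan_assignment(line, start);
    return !r.overrun && r.depth == 0;
}

int
main(void)
{
    /* Constructed inputs: the reporter's trigger plus a few neighbours. */
    static const char *const inputs[] = {
        "(FOO)=val",    /* the input from the report */
        "${FOO}=val",   /* brackets after '$': opening one is not skipped */
        "$(A=B)=val",   /* an '=' inside brackets must not end the scan */
        "FOO=val",
        "(FOO)",        /* no '=' at all: where an unbounded scan overruns */
    };
    size_t i;
    int start;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        for (start = 1; start >= 0; start--) {
            struct scan_result r = scan_assignment(inputs[i], start);
            printf("%-12s cp = line%s  eq_offset=%2d depth=%2d overrun=%d\n",
                   inputs[i], start ? " + 1" : "    ",
                   r.eq_offset, r.depth, r.overrun);
        }
    }
    return 0;
}
```

Run stand-alone, the program shows that for `(FOO)=val` the scan started at `line + 1` skips the opening parenthesis and reaches the `=` with depth -1, while the scan started at `line` reaches it with depth 0; for the bracketed names that begin with `$`, both starting points agree. The NUL check is the practitioner's takeaway: a scan that trusts its depth counter to terminate needs a bound independent of that counter, or a single unbalanced character turns a parser bug into a read outside the buffer.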
Comment 1 Mark Johnston freebsd_committer freebsd_triage 2024-01-29 19:10:38 UTC
This appears to have been fixed since the bug report was submitted - I can't reproduce the crash on supported FreeBSD versions.  Please re-open if you find this not to be the case.