mirror of
git://git.code.sf.net/p/cdesktopenv/code
synced 2025-03-09 15:50:02 +00:00
lex.c: endword(): fix out-of-bounds index to state table
The lexer use 256-byte state tables (see data/lexstates.c), one
byte per possible value for the (unsigned) char type. But the sp
variable used as an index to a state table in loops like this...
while((n = state[*sp++]) == 0)
;
...is a char*, a pointer to a char. The C standard does not define
if the char type is signed or not (!). On clang and gcc, it is
signed. That means that, whenever a single-byte, high-bit (> 127)
character is encountered, the value wraps around to negative, and a
read occurs outside of the actual state table, causing potentially
incorrect behaviour or a crash.
src/cmd/ksh93/sh/lex.c:
- endword(): Make sp and three related variables explicitly
unsigned char pointers. This requires a bunch of annoying
typecasts to stop compilers complaining; so be it.
- To avoid even more typecasts, make stack_shift() follow suit.
- Reorder variable declarations for legibility.
This commit is contained in:
Martijn Dekker
parent
6728720f8f
commit
3ce064bbba
2 changed files with 21 additions and 18 deletions
3
NEWS
3
NEWS
|
|
@ -7,6 +7,9 @@ Any uppercase BUG_* names are modernish shell bug IDs.
|
|||
|
||||
- Fixed a potential crash on retrieving an empty line from the command history.
|
||||
|
||||
- Fixed a potential crash in the lexical analyser on processing single-byte
|
||||
characters with the highest bit set.
|
||||
|
||||
2022-07-09:
|
||||
|
||||
- Fixed a bug that broke '[[ ... ]]' test expressions for the command
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue