[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-gawk] Core dump in gawk 4.2.0
|
From: |
Andrew J. Schorr |
|
Subject: |
Re: [bug-gawk] Core dump in gawk 4.2.0 |
|
Date: |
Sun, 10 Dec 2017 12:07:02 -0500 |
|
User-agent: |
Mutt/1.5.21 (2010-09-15) |
Hi,
On Sun, Dec 10, 2017 at 03:54:07PM +0100, Jeremy Feusi wrote:
> I am working on a project for school in which I use afl to find bugs in
> software and I decided to fuzz gawk. In doing so I disovered a segfault
> in r_interpret(). Running gdb it appears that on line 140 of interpret.h
> there is an attempt to access a null address.
> command:
> gawk '!_""' <file>
> where <file> is a file containing at least on character.
>
> result:
> gawk: cmd. line:1: (FILENAME=<file> FNR=1) fatal error: internal error
> Aborted (core dumped)
>
> I am using gawk 4.2.0 on arch linux.
Thanks for the bug report. A possible fix is attached. The problem relates to
the attempt to call dgettext to convert an empty string, In gawk 4.1, the
string length is 0, but the string pointer is non-NULL. In gawk 4.2, the
pointer is NULL, and so the attempt to terminate the string with a NUL
character before calling dgettext triggers the crash. It is not clear to me
why the stptr is non-NULL in 4.1 and now NULL in 4.2, so this may not be the
optimal fix.
Regards,
Andy
gettext.patch
Description: Text document