awk/lex.c

597 lines
13 KiB
C
Raw Normal View History

2012-12-22 10:35:39 -05:00
/****************************************************************
Copyright (C) Lucent Technologies 1997
All Rights Reserved
Permission to use, copy, modify, and distribute this software and
its documentation for any purpose and without fee is hereby
granted, provided that the above copyright notice appear in all
copies and that both that the copyright notice and this
permission notice and warranty disclaimer appear in supporting
documentation, and that the name Lucent Technologies or any of
its entities not be used in advertising or publicity pertaining
to distribution of the software without specific, written prior
permission.
LUCENT DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS.
IN NO EVENT SHALL LUCENT OR ANY OF ITS ENTITIES BE LIABLE FOR ANY
SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER
IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
THIS SOFTWARE.
****************************************************************/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include "awk.h"
#include "ytab.h"
extern YYSTYPE yylval;
Fix hwasan global overflow. (#76) * Fix hwasan global overflow. Crash found with https://source.android.com/devices/tech/debug/hwasan but also detectable by regular ASan. Here's an ASan crash: ==215690==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55d90f8da140 at pc 0x55d90f8b7503 bp 0x7ffd3dae6100 sp 0x7ffd3dae60f8 READ of size 4 at 0x55d90f8da140 thread T0 #0 0x55d90f8b7502 in word /tmp/awk/lex.c:496 #1 0x55d90f8b939f in yylex /tmp/awk/lex.c:191 #2 0x55d90f894ab9 in yyparse /tmp/awk/awkgram.tab.c:2366 #3 0x55d90f89edc2 in main /tmp/awk/main.c:216 #4 0x7ff263a78bba in __libc_start_main ../csu/libc-start.c:308 #5 0x55d90f8945a9 in _start (/tmp/awk/a.out+0x115a9) 0x55d90f8da141 is located 0 bytes to the right of global variable 'infunc' defined in 'awkgram.y:35:6' (0x55d90f8da140) of size 1 SUMMARY: AddressSanitizer: global-buffer-overflow /tmp/awk/lex.c:496 in word Shadow bytes around the buggy address: 0x0abba1f133d0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 0x0abba1f133e0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 0x0abba1f133f0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 0x0abba1f13400: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00 0x0abba1f13410: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 =>0x0abba1f13420: 04 f9 f9 f9 f9 f9 f9 f9[01]f9 f9 f9 f9 f9 f9 f9 0x0abba1f13430: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 0x0abba1f13440: 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 0x0abba1f13450: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 0x0abba1f13460: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 0x0abba1f13470: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 And here's the stack trace from hwasan: Stack Trace: RELADDR FUNCTION FILE:LINE 00000000000168d4 word external/one-true-awk/lex.c:496:18 000000000002d1ec yyparse y.tab.c:2460:16 000000000001c82c main external/one-true-awk/main.c:179:2 00000000000b41a0 __libc_init bionic/libc/bionic/libc_init_dynamic.cpp:151:8 As it says, we're doing a 4-byte read from a 1-byte global. `infunc` is declared as an int but defined as a bool. Signed-off-by: Evgenii Stepanov <eugenis@google.com> * Add ASan cflags to makefile. They're not used by default, but this way they're easily to hand next time they're wanted.
2020-02-28 06:18:29 -05:00
extern bool infunc;
2012-12-22 10:35:39 -05:00
int lineno = 1;
int bracecnt = 0;
int brackcnt = 0;
int parencnt = 0;
typedef struct Keyword {
const char *word;
int sub;
int type;
} Keyword;
const Keyword keywords[] = { /* keep sorted: binary searched */
2012-12-22 10:35:39 -05:00
{ "BEGIN", XBEGIN, XBEGIN },
{ "END", XEND, XEND },
{ "NF", VARNF, VARNF },
{ "atan2", FATAN, BLTIN },
{ "break", BREAK, BREAK },
{ "close", CLOSE, CLOSE },
{ "continue", CONTINUE, CONTINUE },
{ "cos", FCOS, BLTIN },
{ "delete", DELETE, DELETE },
{ "do", DO, DO },
{ "else", ELSE, ELSE },
{ "exit", EXIT, EXIT },
{ "exp", FEXP, BLTIN },
{ "fflush", FFLUSH, BLTIN },
{ "for", FOR, FOR },
{ "func", FUNC, FUNC },
{ "function", FUNC, FUNC },
{ "getline", GETLINE, GETLINE },
{ "gsub", GSUB, GSUB },
{ "if", IF, IF },
{ "in", IN, IN },
{ "index", INDEX, INDEX },
{ "int", FINT, BLTIN },
{ "length", FLENGTH, BLTIN },
{ "log", FLOG, BLTIN },
{ "match", MATCHFCN, MATCHFCN },
{ "next", NEXT, NEXT },
{ "nextfile", NEXTFILE, NEXTFILE },
{ "print", PRINT, PRINT },
{ "printf", PRINTF, PRINTF },
{ "rand", FRAND, BLTIN },
{ "return", RETURN, RETURN },
{ "sin", FSIN, BLTIN },
{ "split", SPLIT, SPLIT },
{ "sprintf", SPRINTF, SPRINTF },
{ "sqrt", FSQRT, BLTIN },
{ "srand", FSRAND, BLTIN },
{ "sub", SUB, SUB },
{ "substr", SUBSTR, SUBSTR },
{ "system", FSYSTEM, BLTIN },
{ "tolower", FTOLOWER, BLTIN },
{ "toupper", FTOUPPER, BLTIN },
{ "while", WHILE, WHILE },
};
#define RET(x) { if(dbg)printf("lex %s\n", tokname(x)); return(x); }
static int peek(void)
2012-12-22 10:35:39 -05:00
{
int c = input();
unput(c);
return c;
}
static int gettok(char **pbuf, int *psz) /* get next input token */
2012-12-22 10:35:39 -05:00
{
int c, retc;
char *buf = *pbuf;
int sz = *psz;
char *bp = buf;
c = input();
if (c == 0)
return 0;
buf[0] = c;
buf[1] = 0;
if (!isalnum(c) && c != '.' && c != '_')
return c;
*bp++ = c;
if (isalpha(c) || c == '_') { /* it's a varname */
for ( ; (c = input()) != 0; ) {
if (bp-buf >= sz)
if (!adjbuf(&buf, &sz, bp-buf+2, 100, &bp, "gettok"))
FATAL( "out of space for name %.10s...", buf );
if (isalnum(c) || c == '_')
*bp++ = c;
else {
*bp = 0;
unput(c);
break;
}
}
*bp = 0;
retc = 'a'; /* alphanumeric */
} else { /* maybe it's a number, but could be . */
char *rem;
/* read input until can't be a number */
for ( ; (c = input()) != 0; ) {
if (bp-buf >= sz)
if (!adjbuf(&buf, &sz, bp-buf+2, 100, &bp, "gettok"))
FATAL( "out of space for number %.10s...", buf );
if (isdigit(c) || c == 'e' || c == 'E'
2012-12-22 10:35:39 -05:00
|| c == '.' || c == '+' || c == '-')
*bp++ = c;
else {
unput(c);
break;
}
}
*bp = 0;
strtod(buf, &rem); /* parse the number */
if (rem == buf) { /* it wasn't a valid number at all */
buf[1] = 0; /* return one character as token */
retc = buf[0]; /* character is its own type */
unputstr(rem+1); /* put rest back for later */
} else { /* some prefix was a number */
unputstr(rem); /* put rest back for later */
rem[0] = 0; /* truncate buf after number part */
retc = '0'; /* type is number */
}
}
*pbuf = buf;
*psz = sz;
return retc;
}
int word(char *);
int string(void);
int regexpr(void);
2019-11-10 14:19:18 -05:00
bool sc = false; /* true => return a } right now */
bool reg = false; /* true => return a REGEXPR now */
2012-12-22 10:35:39 -05:00
int yylex(void)
{
int c;
static char *buf = NULL;
2012-12-22 10:35:39 -05:00
static int bufsize = 5; /* BUG: setting this small causes core dump! */
if (buf == NULL && (buf = malloc(bufsize)) == NULL)
2012-12-22 10:35:39 -05:00
FATAL( "out of space in yylex" );
if (sc) {
2019-11-10 14:19:18 -05:00
sc = false;
2012-12-22 10:35:39 -05:00
RET('}');
}
if (reg) {
2019-11-10 14:19:18 -05:00
reg = false;
2012-12-22 10:35:39 -05:00
return regexpr();
}
for (;;) {
c = gettok(&buf, &bufsize);
if (c == 0)
return 0;
if (isalpha(c) || c == '_')
return word(buf);
if (isdigit(c)) {
char *cp = tostring(buf);
yylval.cp = setsymtab(buf, cp, atof(buf), CON|NUM, symtab);
free(cp);
2012-12-22 10:35:39 -05:00
/* should this also have STR set? */
RET(NUMBER);
}
2012-12-22 10:35:39 -05:00
yylval.i = c;
switch (c) {
case '\n': /* {EOL} */
2018-09-21 14:16:27 -04:00
lineno++;
2012-12-22 10:35:39 -05:00
RET(NL);
case '\r': /* assume \n is coming */
case ' ': /* {WS}+ */
case '\t':
break;
case '#': /* #.* strip comments */
while ((c = input()) != '\n' && c != 0)
;
unput(c);
2020-01-31 01:54:10 -05:00
/*
* Next line is a hack, itcompensates for
* unput's treatment of \n.
*/
lineno++;
2012-12-22 10:35:39 -05:00
break;
case ';':
RET(';');
case '\\':
if (peek() == '\n') {
input();
2018-09-21 14:16:27 -04:00
lineno++;
2012-12-22 10:35:39 -05:00
} else if (peek() == '\r') {
input(); input(); /* \n */
lineno++;
} else {
RET(c);
}
break;
case '&':
if (peek() == '&') {
input(); RET(AND);
} else
2012-12-22 10:35:39 -05:00
RET('&');
case '|':
if (peek() == '|') {
input(); RET(BOR);
} else
RET('|');
case '!':
if (peek() == '=') {
input(); yylval.i = NE; RET(NE);
} else if (peek() == '~') {
input(); yylval.i = NOTMATCH; RET(MATCHOP);
} else
RET(NOT);
case '~':
yylval.i = MATCH;
RET(MATCHOP);
case '<':
if (peek() == '=') {
input(); yylval.i = LE; RET(LE);
} else {
yylval.i = LT; RET(LT);
}
case '=':
if (peek() == '=') {
input(); yylval.i = EQ; RET(EQ);
} else {
yylval.i = ASSIGN; RET(ASGNOP);
}
case '>':
if (peek() == '=') {
input(); yylval.i = GE; RET(GE);
} else if (peek() == '>') {
input(); yylval.i = APPEND; RET(APPEND);
} else {
yylval.i = GT; RET(GT);
}
case '+':
if (peek() == '+') {
input(); yylval.i = INCR; RET(INCR);
} else if (peek() == '=') {
input(); yylval.i = ADDEQ; RET(ASGNOP);
} else
RET('+');
case '-':
if (peek() == '-') {
input(); yylval.i = DECR; RET(DECR);
} else if (peek() == '=') {
input(); yylval.i = SUBEQ; RET(ASGNOP);
} else
RET('-');
case '*':
if (peek() == '=') { /* *= */
input(); yylval.i = MULTEQ; RET(ASGNOP);
} else if (peek() == '*') { /* ** or **= */
input(); /* eat 2nd * */
if (peek() == '=') {
input(); yylval.i = POWEQ; RET(ASGNOP);
} else {
RET(POWER);
}
} else
RET('*');
case '/':
RET('/');
case '%':
if (peek() == '=') {
input(); yylval.i = MODEQ; RET(ASGNOP);
} else
RET('%');
case '^':
if (peek() == '=') {
input(); yylval.i = POWEQ; RET(ASGNOP);
} else
RET(POWER);
case '$':
/* BUG: awkward, if not wrong */
c = gettok(&buf, &bufsize);
if (isalpha(c)) {
if (strcmp(buf, "NF") == 0) { /* very special */
unputstr("(NF)");
RET(INDIRECT);
}
c = peek();
if (c == '(' || c == '[' || (infunc && isarg(buf) >= 0)) {
unputstr(buf);
RET(INDIRECT);
}
yylval.cp = setsymtab(buf, "", 0.0, STR|NUM, symtab);
RET(IVAR);
} else if (c == 0) { /* */
SYNTAX( "unexpected end of input after $" );
RET(';');
} else {
unputstr(buf);
RET(INDIRECT);
}
2012-12-22 10:35:39 -05:00
case '}':
if (--bracecnt < 0)
SYNTAX( "extra }" );
2019-11-10 14:19:18 -05:00
sc = true;
2012-12-22 10:35:39 -05:00
RET(';');
case ']':
if (--brackcnt < 0)
SYNTAX( "extra ]" );
RET(']');
case ')':
if (--parencnt < 0)
SYNTAX( "extra )" );
RET(')');
case '{':
bracecnt++;
RET('{');
case '[':
brackcnt++;
RET('[');
case '(':
parencnt++;
RET('(');
2012-12-22 10:35:39 -05:00
case '"':
return string(); /* BUG: should be like tran.c ? */
2012-12-22 10:35:39 -05:00
default:
RET(c);
}
}
}
int string(void)
{
int c, n;
char *s, *bp;
static char *buf = NULL;
2012-12-22 10:35:39 -05:00
static int bufsz = 500;
if (buf == NULL && (buf = malloc(bufsz)) == NULL)
2012-12-22 10:35:39 -05:00
FATAL("out of space for strings");
for (bp = buf; (c = input()) != '"'; ) {
if (!adjbuf(&buf, &bufsz, bp-buf+2, 500, &bp, "string"))
FATAL("out of space for string %.10s...", buf);
switch (c) {
case '\n':
case '\r':
case 0:
2018-09-21 14:16:27 -04:00
*bp = '\0';
2012-12-22 10:35:39 -05:00
SYNTAX( "non-terminated string %.10s...", buf );
if (c == 0) /* hopeless */
FATAL( "giving up" );
2018-09-21 14:16:27 -04:00
lineno++;
2012-12-22 10:35:39 -05:00
break;
case '\\':
c = input();
switch (c) {
case '\n': break;
2012-12-22 10:35:39 -05:00
case '"': *bp++ = '"'; break;
case 'n': *bp++ = '\n'; break;
2012-12-22 10:35:39 -05:00
case 't': *bp++ = '\t'; break;
case 'f': *bp++ = '\f'; break;
case 'r': *bp++ = '\r'; break;
case 'b': *bp++ = '\b'; break;
case 'v': *bp++ = '\v'; break;
2020-01-06 02:01:46 -05:00
case 'a': *bp++ = '\a'; break;
2012-12-22 10:35:39 -05:00
case '\\': *bp++ = '\\'; break;
case '0': case '1': case '2': /* octal: \d \dd \ddd */
case '3': case '4': case '5': case '6': case '7':
n = c - '0';
if ((c = peek()) >= '0' && c < '8') {
n = 8 * n + input() - '0';
if ((c = peek()) >= '0' && c < '8')
n = 8 * n + input() - '0';
}
*bp++ = n;
break;
case 'x': /* hex \x0-9a-fA-F + */
{ char xbuf[100], *px;
for (px = xbuf; (c = input()) != 0 && px-xbuf < 100-2; ) {
if (isdigit(c)
|| (c >= 'a' && c <= 'f')
|| (c >= 'A' && c <= 'F'))
*px++ = c;
else
break;
}
*px = 0;
unput(c);
sscanf(xbuf, "%x", (unsigned int *) &n);
*bp++ = n;
break;
}
default:
2012-12-22 10:35:39 -05:00
*bp++ = c;
break;
}
break;
default:
*bp++ = c;
break;
}
}
*bp = 0;
2012-12-22 10:35:39 -05:00
s = tostring(buf);
*bp++ = ' '; *bp++ = '\0';
2012-12-22 10:35:39 -05:00
yylval.cp = setsymtab(buf, s, 0.0, CON|STR|DONTFREE, symtab);
free(s);
2012-12-22 10:35:39 -05:00
RET(STRING);
}
static int binsearch(char *w, const Keyword *kp, int n)
2012-12-22 10:35:39 -05:00
{
int cond, low, mid, high;
low = 0;
high = n - 1;
while (low <= high) {
mid = (low + high) / 2;
if ((cond = strcmp(w, kp[mid].word)) < 0)
high = mid - 1;
else if (cond > 0)
low = mid + 1;
else
return mid;
}
return -1;
}
int word(char *w)
2012-12-22 10:35:39 -05:00
{
const Keyword *kp;
2012-12-22 10:35:39 -05:00
int c, n;
n = binsearch(w, keywords, sizeof(keywords)/sizeof(keywords[0]));
if (n != -1) { /* found in table */
kp = keywords + n;
2012-12-22 10:35:39 -05:00
yylval.i = kp->sub;
switch (kp->type) { /* special handling */
case BLTIN:
if (kp->sub == FSYSTEM && safe)
SYNTAX( "system is unsafe" );
RET(kp->type);
case FUNC:
if (infunc)
SYNTAX( "illegal nested function" );
RET(kp->type);
case RETURN:
if (!infunc)
SYNTAX( "return not in function" );
RET(kp->type);
case VARNF:
yylval.cp = setsymtab("NF", "", 0.0, NUM, symtab);
RET(VARNF);
default:
RET(kp->type);
}
}
c = peek(); /* look for '(' */
if (c != '(' && infunc && (n=isarg(w)) >= 0) {
yylval.i = n;
RET(ARG);
} else {
yylval.cp = setsymtab(w, "", 0.0, STR|NUM|DONTFREE, symtab);
if (c == '(') {
RET(CALL);
} else {
RET(VAR);
}
}
}
void startreg(void) /* next call to yylex will return a regular expression */
{
2019-11-10 14:19:18 -05:00
reg = true;
2012-12-22 10:35:39 -05:00
}
int regexpr(void)
{
int c;
static char *buf = NULL;
2012-12-22 10:35:39 -05:00
static int bufsz = 500;
char *bp;
if (buf == NULL && (buf = malloc(bufsz)) == NULL)
2012-12-22 10:35:39 -05:00
FATAL("out of space for rex expr");
bp = buf;
for ( ; (c = input()) != '/' && c != 0; ) {
if (!adjbuf(&buf, &bufsz, bp-buf+3, 500, &bp, "regexpr"))
FATAL("out of space for reg expr %.10s...", buf);
if (c == '\n') {
2018-09-21 14:16:27 -04:00
*bp = '\0';
SYNTAX( "newline in regular expression %.10s...", buf );
2012-12-22 10:35:39 -05:00
unput('\n');
break;
} else if (c == '\\') {
*bp++ = '\\';
2012-12-22 10:35:39 -05:00
*bp++ = input();
} else {
*bp++ = c;
}
}
*bp = 0;
if (c == 0)
SYNTAX("non-terminated regular expression %.10s...", buf);
yylval.s = tostring(buf);
unput('/');
RET(REGEXPR);
}
/* low-level lexical stuff, sort of inherited from lex */
char ebuf[300];
char *ep = ebuf;
char yysbuf[100]; /* pushback buffer */
char *yysptr = yysbuf;
FILE *yyin = NULL;
2012-12-22 10:35:39 -05:00
int input(void) /* get next lexical input character */
{
int c;
extern char *lexprog;
if (yysptr > yysbuf)
c = (uschar)*--yysptr;
else if (lexprog != NULL) { /* awk '...' */
if ((c = (uschar)*lexprog) != 0)
lexprog++;
} else /* awk -f ... */
c = pgetc();
2018-09-21 14:16:27 -04:00
if (c == EOF)
2012-12-22 10:35:39 -05:00
c = 0;
if (ep >= ebuf + sizeof ebuf)
ep = ebuf;
2018-09-21 14:16:27 -04:00
*ep = c;
if (c != 0) {
ep++;
}
return (c);
2012-12-22 10:35:39 -05:00
}
void unput(int c) /* put lexical character back on input */
{
if (c == '\n')
lineno--;
2012-12-22 10:35:39 -05:00
if (yysptr >= yysbuf + sizeof(yysbuf))
FATAL("pushed back too much: %.20s...", yysbuf);
*yysptr++ = c;
if (--ep < ebuf)
ep = ebuf + sizeof(ebuf) - 1;
}
void unputstr(const char *s) /* put a string back on input */
{
int i;
for (i = strlen(s)-1; i >= 0; i--)
unput(s[i]);
}