Cast to uschar when storing a char in an int that will be used as an index (#88)

* Cast to uschar when storing a char in an int that will be used as an index.
Fixes a heap underflow when the input char has the high bit set and
FS is a regex.

* Add regress test for underflow when RS is a regex and input is 8-bit.
This commit is contained in:
Todd C. Miller 2020-07-29 12:27:45 -06:00 committed by GitHub
parent b82b649aa6
commit 22ee26b925
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 5 additions and 2 deletions

2
b.c
View File

@ -684,7 +684,7 @@ bool fnematch(fa *pfa, FILE *f, char **pbuf, int *pbufsize, int quantum)
FATAL("stream '%.30s...' too long", buf);
buf[k++] = (c = getc(f)) != EOF ? c : 0;
}
c = buf[j];
c = (uschar)buf[j];
/* assert(c < NCHARS); */
if ((ns = pfa->gototab[s][c]) != 0)

View File

@ -0,0 +1 @@
BEGIN { RS="zx" } { print $1 }

View File

@ -0,0 +1 @@
<EFBFBD>

View File

@ -0,0 +1 @@
<EFBFBD>

2
lex.c
View File

@ -148,7 +148,7 @@ static int gettok(char **pbuf, int *psz) /* get next input token */
strtod(buf, &rem); /* parse the number */
if (rem == buf) { /* it wasn't a valid number at all */
buf[1] = 0; /* return one character as token */
retc = buf[0]; /* character is its own type */
retc = (uschar)buf[0]; /* character is its own type */
unputstr(rem+1); /* put rest back for later */
} else { /* some prefix was a number */
unputstr(rem); /* put rest back for later */