diff --git a/bugs-fixed/README b/bugs-fixed/README
index 0ee4cbe..e834a29 100644
--- a/bugs-fixed/README
+++ b/bugs-fixed/README
@@ -46,3 +46,8 @@ wouldn't always be generated before being needed.
 13. subsep-overflow: The length of SUBSEP needs to be rechecked after calling execute(), in case SUBSEP itself has been changed.
+14. split-fs-from-array: If the third argument to split() comes from the
+array passed as the second argument, then split() would previously read
+from the freed memory and possibly produce incorrect results (depending
+on the system's malloc()/free() behaviour.)
+
diff --git a/bugs-fixed/split-fs-from-array.awk b/bugs-fixed/split-fs-from-array.awk
new file mode 100644
index 0000000..fce1607
--- /dev/null
+++ b/bugs-fixed/split-fs-from-array.awk
@@ -0,0 +1,5 @@
+BEGIN {
+ a[1] = "elephantie"
+ a[2] = "e"
+ print split(a[1],a,a[2]), a[2], a[3], split(a[2],a,a[2])
+}
diff --git a/bugs-fixed/split-fs-from-array.ok b/bugs-fixed/split-fs-from-array.ok
new file mode 100644
index 0000000..9402b94
--- /dev/null
+++ b/bugs-fixed/split-fs-from-array.ok
@@ -0,0 +1 @@
+4 l phanti 2
diff --git a/run.c b/run.c
index 497810c..bf84b76 100644
--- a/run.c
+++ b/run.c
@@ -1247,8 +1247,9 @@ Cell *split(Node **a, int nnn) /* split(a[0], a[1], a[2]); a[3] is type */
 {
 Cell *x = 0, *y, *ap;
 char *s, *origs;
+ char *fs, *origfs = NULL;
 int sep;
- char *t, temp, num[50], *fs = 0;
+ char *t, temp, num[50];
 int n, tempstat, arg3type;
 y = execute(a[0]); /* source string */
@@ -1258,7 +1259,8 @@ Cell *split(Node **a, int nnn) /* split(a[0], a[1], a[2]); a[3] is type */
 fs = getsval(fsloc);
 else if (arg3type == STRING) { /* split(str,arr,"string") */
 x = execute(a[2]);
- fs = getsval(x);
+ origfs = fs = strdup(getsval(x));
+ tempfree(x);
 } else if (arg3type == REGEXPR)
 fs = "(regexpr)"; /* split(str,arr,/regexpr/) */
 else
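Review bot: `fs` loses its `= 0` initializer in the new declaration `char *fs, *origfs = NULL;` of the first run.c hunk, so its value now depends entirely on the branch chain that follows. The body of the final `else` is outside the diff; if that path can ever fall through instead of aborting, `fs` would be read uninitialized. Writing `char *fs = NULL, *origfs = NULL;` keeps the previous defensive default and avoids a maybe-uninitialized compiler warning. split()'s body continues beyond this hunk.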
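Review bot: The result of `strdup(getsval(x))` in the second run.c hunk is stored in `fs` and `origfs` without a NULL check, so an allocation failure would hand a NULL separator to the rest of split(), which lies outside this hunk. A guard directly after the assignment, for example `if (fs == NULL) FATAL("out of space in split");`, makes the failure explicit instead of a later NULL dereference. The copy is the fix for a read of freed memory, so it also deserves a comment on that line, such as `/* copy: the separator may come from the destination array, whose storage is freed before fs is read */`, so that it is not later removed as redundant.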
@@ -1373,9 +1375,7 @@ Cell *split(Node **a, int nnn) /* split(a[0], a[1], a[2]); a[3] is type */
 tempfree(ap);
 tempfree(y);
 free(origs);
- if (a[2] != 0 && arg3type == STRING) {
- tempfree(x);
- }
+ free(origfs);
 x = gettemp();
 x->tval = NUM;
 x->fval = n;