ref: 908be9c222c0b7da4bcc3b8724ebb11996993a69
parent: 04f69eaf0b99d6c0ca65115973830218ba8a2b72
author: ozan yigit <ozan.yigit@gmail.com>
date: Thu Dec 28 09:53:25 EST 2023
fix for matchop dereferencing a pointer x->sval after freeing x.
this bug was introduced with UTF-8 support changes.
example:
$ echo aaaaaab | ./a.out '{print match(substr($0, 1), "b")}'
-1
--- a/run.c
+++ b/run.c
@@ -795,7 +795,7 @@
Cell *matchop(Node **a, int n) /* ~ and match() */
{- Cell *x, *y;
+ Cell *x, *y, *z;
char *s, *t;
int i;
int cstart, cpatlen, len;
@@ -817,7 +817,7 @@
i = (*mf)(pfa, s);
tempfree(y);
}
- tempfree(x);
+ z = x;
if (n == MATCHFCN) {int start = patbeg - s + 1; /* origin 1 */
if (patlen < 0) {@@ -839,11 +839,13 @@
x = gettemp();
x->tval = NUM;
x->fval = start;
- return x;
} else if ((n == MATCH && i == 1) || (n == NOTMATCH && i == 0))
- return(True);
+ x = True;
else
- return(False);
+ x = False;
+
+ tempfree(z);
+ return x;
}
--- a/testdir/T.overflow
+++ b/testdir/T.overflow
@@ -84,3 +84,5 @@
rm -rf /tmp/awktestfoo*
$awk 'BEGIN { for (i=1; i <= 1000; i++) print i >("/tmp/awktestfoo" i) }'ls /tmp/awktestfoo* | grep '1000' >/dev/null || echo 1>&2 "BAD: T.overflow openfiles"
+rm -rf /tmp/awktestfoo*
+exit 0
--- a/testdir/T.split
+++ b/testdir/T.split
@@ -220,5 +220,6 @@
echo 'cat dog' > $TEMP2
diff $TEMP1 $TEMP2 || fail 'BAD: T.split(a, b, "[\r\n]+")'
+rm -rf $WORKDIR
exit $RESULT
--
⑨