shithub: trueawk

--- a/FIXES

+++ b/FIXES

@@ -25,6 +25,11 @@

 This file lists all bug fixes, changes, etc., made since the AWK book

 was sent to the printers in August 1987.

+Sep 12, 2022:

+	adjbuf minlen error (cannot be 0) in cat, resulting in NULL pbuf.

+	discovered by todd miller. also use-after-free issue with

+	tempfree in cat, thanks to Miguel Pineiro Jr and valgrind.

 Aug 30, 2022:

 	Various leaks and use-after-free issues plugged/fixed.

 	Thanks to Miguel Pineiro Jr. <mpj@pineiro.cc>.

--- a/main.c

+++ b/main.c

@@ -22,7 +22,7 @@

 THIS SOFTWARE.

 ****************************************************************/

-const char	*version = "One True Awk 20220905";

+const char	*version = "One True Awk 20221002";

 #define DEBUG

 #include <stdio.h>

--- a/run.c

+++ b/run.c

@@ -1441,9 +1441,11 @@

 	x = execute(a[0]);

 	n1 = strlen(getsval(x));

-	adjbuf(&s, &ssz, n1, recsize, 0, "cat1");

+	adjbuf(&s, &ssz, n1 + 1, recsize, 0, "cat1");

 	memcpy(s, x->sval, n1);

+	tempfree(x);

 	y = execute(a[1]);

 	n2 = strlen(getsval(y));

 	adjbuf(&s, &ssz, n1 + n2 + 1, recsize, 0, "cat2");

@@ -1450,7 +1452,6 @@

 	memcpy(s + n1, y->sval, n2);

 	s[n1 + n2] = '\0';

-	tempfree(x);

 	tempfree(y);

 	z = gettemp();

--- a/tran.c

+++ b/tran.c

@@ -563,7 +563,6 @@

 char *qstring(const char *is, int delim)	/* collect string up to next delim */

-	const char *os = is;

 	int c, n;

 	const uschar *s = (const uschar *) is;

 	uschar *buf, *bp;

@@ -572,7 +571,7 @@

 		FATAL( "out of space in qstring(%s)", s);

 	for (bp = buf; (c = *s) != delim; s++) {

 		if (c == '\n')

-			SYNTAX( "newline in string %.20s...", os );

+			SYNTAX( "newline in string %.20s...", is );

 		else if (c != '\\')

 			*bp++ = c;

 		else {	/* \something */

--

⑨