awk: Fix subobject out-of-bounds access

When matching a regex with ^, it would attempt to access gototab[NSTATES][NCHARS+2], and therefore access the state for the \002 character instead. This change is required to run awk under CHERI (with sub-object bounds) and when running with UBSan instrumentation. This was committed upstream as cbf924342b Found by: CHERI (with subobject bounds enabled) Obtained from: CheriBSD Reviewed By: imp Differential Revision: https://reviews.freebsd.org/D26509
2020-09-21 19:03:07 +00:00 · 2020-09-21 19:03:07 +00:00 · ae692c42cb
commit ae692c42cb
parent 52664466c7
2 changed files with 3 additions and 3 deletions
--- a/contrib/one-true-awk/awk.h
+++ b/contrib/one-true-awk/awk.h
@ -218,6 +218,8 @@ extern	int	pairstack[], paircnt;
 #define NCHARS	(256+3)		/* 256 handles 8-bit chars; 128 does 7-bit */
 				/* watch out in match(), etc. */
 #define NSTATES	32
+#define	HAT	(NCHARS+2)	/* matches ^ in regular expr */
+				/* NCHARS is 2**n */

 typedef struct rrow {
 	long	ltype;	/* long avoids pointer warnings on 64-bit */
@ -230,7 +232,7 @@ typedef struct rrow {
 } rrow;

 typedef struct fa {
-	uschar	gototab[NSTATES][NCHARS];
+	uschar	gototab[NSTATES][HAT + 1];
 	uschar	out[NSTATES];
 	uschar	*restr;
 	int	*posns[NSTATES];
--- a/contrib/one-true-awk/b.c
+++ b/contrib/one-true-awk/b.c
@ -37,8 +37,6 @@ __FBSDID("$FreeBSD$");
 #include "awk.h"
 #include "ytab.h"

-#define	HAT	(NCHARS+2)	/* matches ^ in regular expr */
-				/* NCHARS is 2**n */
 #define MAXLIN 22

 #define type(v)		(v)->nobj	/* badly overloaded here */