From f504ca457f15fb7151537bd610d757a4d8163951 Mon Sep 17 00:00:00 2001 From: jilles Date: Sun, 23 Aug 2015 20:44:53 +0000 Subject: [PATCH] sh: Don't create bad parse result when postponing a bad substitution error. An invalid substitution like ${var@} does not cause a parse error but is stored in the intermediate representation, to be written as part of the error message. If there is a CTL* byte in the stored part, this confuses some code such as the code to skip an unused alternative such as in ${var-alternative}. To keep things simple, do not store CTL* bytes. Found with afl-fuzz. MFC after: 1 week --- bin/sh/parser.c | 5 +++-- bin/sh/tests/errors/Makefile | 2 ++ bin/sh/tests/errors/bad-parm-exp7.0 | 4 ++++ bin/sh/tests/errors/bad-parm-exp8.0 | 4 ++++ 4 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 bin/sh/tests/errors/bad-parm-exp7.0 create mode 100644 bin/sh/tests/errors/bad-parm-exp8.0 diff --git a/bin/sh/parser.c b/bin/sh/parser.c index e7ec0103bf7b..98b87913829c 100644 --- a/bin/sh/parser.c +++ b/bin/sh/parser.c @@ -1662,7 +1662,7 @@ varname: pungetc(); else if (c == '\n' || c == PEOF) synerror("Unexpected end of line in substitution"); - else + else if (BASESYNTAX[c] != CCTL) USTPUTC(c, out); } if (subtype == 0) { @@ -1678,7 +1678,8 @@ varname: synerror("Unexpected end of line in substitution"); if (flags == VSNUL) STPUTC(':', out); - STPUTC(c, out); + if (BASESYNTAX[c] != CCTL) + STPUTC(c, out); subtype = VSERROR; } else subtype = p - types + VSNORMAL; diff --git a/bin/sh/tests/errors/Makefile b/bin/sh/tests/errors/Makefile index ace9a01ccd7d..51a766f6f4e9 100644 --- a/bin/sh/tests/errors/Makefile +++ b/bin/sh/tests/errors/Makefile @@ -19,6 +19,8 @@ FILES+= bad-parm-exp3.2 bad-parm-exp3.2.stderr FILES+= bad-parm-exp4.2 bad-parm-exp4.2.stderr FILES+= bad-parm-exp5.2 bad-parm-exp5.2.stderr FILES+= bad-parm-exp6.2 bad-parm-exp6.2.stderr +FILES+= bad-parm-exp7.0 +FILES+= bad-parm-exp8.0 FILES+= option-error.0 FILES+= redirection-error.0 FILES+= redirection-error2.2 diff --git a/bin/sh/tests/errors/bad-parm-exp7.0 b/bin/sh/tests/errors/bad-parm-exp7.0 new file mode 100644 index 000000000000..b8562fbed47b --- /dev/null +++ b/bin/sh/tests/errors/bad-parm-exp7.0 @@ -0,0 +1,4 @@ +# $FreeBSD$ + +v=1 +eval ": $(printf '${v-${\372}}')" diff --git a/bin/sh/tests/errors/bad-parm-exp8.0 b/bin/sh/tests/errors/bad-parm-exp8.0 new file mode 100644 index 000000000000..28f00cde0f9f --- /dev/null +++ b/bin/sh/tests/errors/bad-parm-exp8.0 @@ -0,0 +1,4 @@ +# $FreeBSD$ + +v=1 +eval ": $(printf '${v-${w\372}}')"