Re: [9front] [PATCH] awk: don't write an extra NUL past the end of a block

[Jacob Moody <moody@posixcafe.org>]

Can you provide an example input that would generate this crash?

For awk things I usually tend to cross reference our bug fixes
against the onetrueawk to see if it was fixed there or not.
 From what I can tell onetrueawk also has this code:
https://github.com/onetrueawk/awk/blob/master/lib.c

I have a sneaking feeling that there are other cases
where this code is needed, but I'm not entirely sure.
It looks like there is some condition where we avoid that
loop, and that's why the code was there. Perhaps we
could just alloc length of string + 2?

Maybe give onetrueawk a try and see if you can reproduce the
crash there as well, and if not perhaps we should copy their fix.


Thanks,
moody

On 1/23/24 01:44, Kristo wrote:
> When splitting a record into individual fields awk seems to write an
> extra NUL at the end, which is not an issue when a record fits in the
> default buffer. However, with larger records the buffer is allocated to
> length of the string + 1, meaning that the extra NUL goes past the end
> of the block and causes a "mem user overflow" panic.
> 
> diff 26c21f9b5d06296d13f40b53de14e22007e189c2 uncommitted
> --- a/sys/src/cmd/awk/lib.c
> +++ b/sys/src/cmd/awk/lib.c
> @@ -287,7 +287,6 @@
>  			while (*r != ' ' && *r != '\t' && *r != '\n' && *r != '\0');
>  			*fr++ = 0;
>  		}
> -		*fr = 0;
>  	} else if ((sep = *inputFS) == 0) {		/* new: FS="" => 1 char/field */
>  		for (i = 0; *r != 0; r += w) {
>  			char buf[UTFmax + 1];
> @@ -320,7 +319,6 @@
>  			if (*r++ == 0)
>  				break;
>  		}
> -		*fr = 0;
>  	}
>  	if (i > nfields)
>  		FATAL("record `%.30s...' has too many fields; can't happen", r);
>