segment: Fix 1-byte read past initialized data when file ends in CR.
authorBen Pfaff <blp@cs.stanford.edu>
Tue, 5 Oct 2021 06:14:32 +0000 (23:14 -0700)
committerBen Pfaff <blp@cs.stanford.edu>
Tue, 5 Oct 2021 06:26:25 +0000 (23:26 -0700)
Fixes bug #61253.
Thanks to Irfan Ariq for reporting this bug.

src/language/lexer/segment.c
tests/language/lexer/segment.at

index 519f6ec9f23e4abf35fb8efe2abcc330394171db..4a6fefb4c25d1e7c1441cd1a6a8d43f5b76b1873 100644 (file)
@@ -1042,7 +1042,7 @@ segmenter_parse_mid_command__ (struct segmenter *s,
           if (ofs < 0)
             return -1;
 
-          if (input[ofs - 1] == '\r' && input[ofs] == '\n')
+          if (ofs < n && input[ofs - 1] == '\r' && input[ofs] == '\n')
             {
               if (ofs == 1)
                 {
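Review bot: The added `ofs < n` guard on the `if` line protects `input[ofs]` when the scan consumed the whole buffer, but it leaves the reason undocumented, and the `input[ofs - 1]` read before it still relies on `ofs >= 1` holding after the `ofs < 0` return; if the call that produces `ofs` can ever yield 0, which is not visible in this hunk, that read is also past the buffer start. A comment on the guard would make the invariant explicit, e.g. `/* ofs == n when the input ends in a bare CR; input[ofs] would then be past the initialized data (bug #61253).  ofs >= 1 is guaranteed here. */`. Note also that if `n` is an unsigned type the comparison `ofs < n` is only safe because the `ofs < 0` early return precedes it, so the order of the two checks should be preserved. segmenter_parse_mid_command__ starts and ends outside the hunk.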
index 78ad1e99eb5843b81fc9e432119d56335b7a6dc3..abbc08c8cd4b4a037b7f7155ccc799b0cdde6593 100644 (file)
@@ -1643,3 +1643,16 @@ end
 ])
 PSPP_CHECK_SEGMENT([-a])
 AT_CLEANUP
+\f
+# This checks for regression against bug #61253.  To see the read of
+# uninitialized data, run with valgrind.  The test will pass either
+# way.  (The bug report has a more complicated crashing case.)
+AT_SETUP([input ends in carriage return])
+printf '\r' > input
+AT_DATA([expout-base], [dnl
+separate_commands
+spaces          \r
+end
+])
+PSPP_CHECK_SEGMENT
+AT_CLEANUP
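Review bot: The new test starting at `AT_SETUP([input ends in carriage return])` passes with and without the fix, as its own comment states, so it documents bug #61253 rather than guarding against a regression of it; the out-of-bounds read is only detected when the segmenter tests run under valgrind or a sanitizer. If the suite has a memcheck or ASan configuration, it would be worth confirming this case is exercised there, and the crashing case from the bug report, which would fail outright, could be added alongside. The comment could say this directly, e.g. `# Without valgrind or a sanitizer this test cannot fail on the original bug.`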