diff options
| author | Todd C. Miller <millert@cvs.openbsd.org> | 2023-10-28 22:38:23 +0000 |
|---|---|---|
| committer | Todd C. Miller <millert@cvs.openbsd.org> | 2023-10-28 22:38:23 +0000 |
| commit | 3b837fc310b205cc45b168152484c92403e3af6b (patch) | |
| tree | 3c70157cb78ccb68eb396524aa9173b749383fc3 | |
| parent | 45d428a1ae9b279332ca34f86eb9ea5faaee9b1e (diff) | |
substr: fix buffer overflow with utf-8 strings
We need to use u8_strlen(), not strlen(), to compute the length.
Otherwise, there may be an out of bounds write when writing the NUL
terminator to set the length of the substring.
https://github.com/onetrueawk/awk/pull/205
| -rw-r--r-- | usr.bin/awk/run.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.bin/awk/run.c b/usr.bin/awk/run.c index 1c1b72c6dd8..6e72ec1ceb7 100644 --- a/usr.bin/awk/run.c +++ b/usr.bin/awk/run.c @@ -1,4 +1,4 @@ -/* $OpenBSD: run.c,v 1.79 2023/10/06 22:29:24 millert Exp $ */ +/* $OpenBSD: run.c,v 1.80 2023/10/28 22:38:22 millert Exp $ */ /**************************************************************** Copyright (C) Lucent Technologies 1997 All Rights Reserved @@ -986,7 +986,7 @@ Cell *substr(Node **a, int nnn) /* substr(a[0], a[1], a[2]) */ if (a[2] != NULL) z = execute(a[2]); s = getsval(x); - k = strlen(s) + 1; + k = u8_strlen(s) + 1; if (k <= 1) { tempfree(x); tempfree(y); |