awk: Guard pointer chasing when parsing ternary expressions.
authorBrian Foley <bpfoley@google.com>
Tue, 1 Jan 2019 21:40:58 +0000 (13:40 -0800)
committerDenys Vlasenko <vda.linux@googlemail.com>
Mon, 21 Jan 2019 11:55:49 +0000 (12:55 +0100)
Avoids an uninitialized pointer dereference for some malformed ternary expressions.

Add a test that would crash in busybox before this fix.

Signed-off-by: Brian Foley <bpfoley@google.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
editors/awk.c
testsuite/awk.tests

index b6d8cf2032bcba07441755cf68dc88bf37858498..f2b8b13ebc1b10a93ece6f4f27747a60b9e26dc2 100644 (file)
@@ -1265,7 +1265,7 @@ static node *parse_expr(uint32_t iexp)
        debug_printf_parse("%s(%x)\n", __func__, iexp);
 
        sn.info = PRIMASK;
-       sn.r.n = glptr = NULL;
+       sn.r.n = sn.a.n = glptr = NULL;
        xtc = TC_OPERAND | TC_UOPPRE | TC_REGEXP | iexp;
 
        while (!((tc = next_token(xtc)) & iexp)) {
@@ -1287,6 +1287,7 @@ static node *parse_expr(uint32_t iexp)
                            || ((t_info == vn->info) && ((t_info & OPCLSMASK) == OC_COLON))
                        ) {
                                vn = vn->a.n;
+                               if (!vn->a.n) syntax_error(EMSG_UNEXP_TOKEN);
                        }
                        if ((t_info & OPCLSMASK) == OC_TERNARY)
                                t_info += P(6);
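Review bot: The guard added after `vn = vn->a.n;` works only because the first hunk now sets `sn.a.n = NULL`, and nothing at either site says so. Before that initialisation the end of the `a.n` chain was uninitialised, so a later tidy-up of the chained assignment could silently bring the bad dereference back. I would put a comment on the check, e.g. `/* ran off the top of the a.n chain (sn.a.n == NULL): ':' with no matching '?' */`, and brace the statement on its own line. The check also assumes `syntax_error()` does not return, since the loop condition that begins above this hunk presumably dereferences `vn->a.n` again on the next pass; that is not visible here and is worth confirming. The loop and `parse_expr` both extend outside the hunk.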
index 3933fefc9d510755d1ceb2d18730dd932ceb6da6..9f353fc10eaf803614bc86c6e26454b878734fe6 100755 (executable)
@@ -338,6 +338,9 @@ testing "awk continue" \
 testing "awk handles invalid for loop" \
     "awk '{ for() }' 2>&1" "awk: cmd. line:1: Unexpected token\n" "" ""
 
+testing "awk handles colon not preceded by ternary" \
+    "awk 'foo:bar:' 2>&1" "awk: cmd. line:1: Unexpected token\n" "" ""
+
 # testing "description" "command" "result" "infile" "stdin"
 testing 'awk negative field access' \
        'awk 2>&1 -- '\''{ $(-1) }'\' \
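Review bot: Only the rejecting path is covered by the new "colon not preceded by ternary" case; no companion test shows that a well-formed nested ternary still parses now that the walk-back loop in `parse_expr` can raise a syntax error. A positive case beside it would catch an over-eager guard, for example `testing "awk nested ternary" "awk 'BEGIN { print 1 ? 2 ? 3 : 4 : 5 }'" "3\n" "" ""`, with the expected output confirmed against a reference awk first. The commit message says the fix covers "some" malformed expressions, so it may also be worth a second malformed shape, such as a stray colon following a complete ternary, to pin down which inputs are rejected cleanly.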