author | Tijl Coosemans <tijl@FreeBSD.org> | 2012-02-13 10:24:22 +0000 |
---|---|---|
committer | Tijl Coosemans <tijl@FreeBSD.org> | 2012-02-13 10:24:22 +0000 |
commit | e5083bc18e3db9168e559147d9d84d0abab109c4 (patch) | |
tree | 9906025ec5e9366a33ade9b06dfc9f4f4e2d7b29 /usr.bin | |
parent | 9be2610055541b03ece3429277ef57e9ecdf42d1 (diff) | |
MFC r228636:

Correct a logic error in usr.bin/hexdump/conv.c, found by clang.

Whenever the conv_c() function encounters an incomplete multibyte char,
it peeks ahead. It also sets p to peekbuf, to indicate it is still
processing the incomplete character.

However, on the next retry, it compares buf against peekbuf, which
always returns false, since both buf and peekbuf are local char arrays,
whose addresses are never the same.

Fix this by comparing against p instead, which was the intention. Also
turn peekbuf into an array of u_char, to prevent conversion warnings.

MFC r229794:

- Fix how hexdump parses escape strings

From the NetBSD bug:
The way how hexdump(1) parses escape sequences has some bugs.
It shows up when an escape sequence is used as the non-last character
of a format string.

MFC r230649:

Fix decoding of escape sequences in format strings:
- Zero-terminate the resulting string by letting the for-loop copy the
  terminating zero.
- Exit the for-loop after handling a backslash at the end of the format
  string to fix a buffer overrun.
- Remove some unnecessary comments and blank lines.

PR: bin/144722
Notes:
svn path=/stable/8/; revision=231577
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/hexdump/conv.c | 4 |
-rw-r--r-- | usr.bin/hexdump/parse.c | 24 |
2 files changed, 18 insertions, 10 deletions
diff --git a/usr.bin/hexdump/conv.c b/usr.bin/hexdump/conv.c index 96dc2d64c43b..ae4ea88337e0 100644 --- a/usr.bin/hexdump/conv.c +++ b/usr.bin/hexdump/conv.c @@ -57,7 +57,7 @@ conv_c(PR *pr, u_char *p, size_t bufsize) wchar_t wc; size_t clen, oclen; int converr, pad, width; - char peekbuf[MB_LEN_MAX]; + u_char peekbuf[MB_LEN_MAX]; if (pr->mbleft > 0) { str = "**"; @@ -107,7 +107,7 @@ retry: if (clen == 0) clen = 1; else if (clen == (size_t)-1 || (clen == (size_t)-2 && - buf == peekbuf)) { + p == peekbuf)) { memset(&pr->mbstate, 0, sizeof(pr->mbstate)); wc = *p; clen = 1; diff --git a/usr.bin/hexdump/parse.c b/usr.bin/hexdump/parse.c index 07ad63d0fe24..5354675ad9de 100644 --- a/usr.bin/hexdump/parse.c +++ b/usr.bin/hexdump/parse.c @@ -259,7 +259,9 @@ rewrite(FS *fs) sokay = NOTOKAY; } - p2 = p1 + 1; /* Set end pointer. */ + p2 = *p1 ? p1 + 1 : p1; /* Set end pointer -- make sure + * that it's non-NUL/-NULL first + * though. */ cs[0] = *p1; /* Set conversion string. */ cs[1] = '\0'; @@ -453,13 +455,14 @@ escape(char *p1) char *p2; /* alphabetic escape sequences have to be done in place */ - for (p2 = p1;; ++p1, ++p2) { - if (!*p1) { - *p2 = *p1; - break; - } - if (*p1 == '\\') - switch(*++p1) { + for (p2 = p1;; p1++, p2++) { + if (*p1 == '\\') { + p1++; + switch(*p1) { + case '\0': + *p2 = '\\'; + *++p2 = '\0'; + return; case 'a': /* *p2 = '\a'; */ *p2 = '\007'; @@ -486,6 +489,11 @@ escape(char *p1) *p2 = *p1; break; } + } else { + *p2 = *p1; + if (*p1 == '\0') + return; + } } } |
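
Review bot: In the conv.c hunk at the `retry:` label, the new condition `p == peekbuf` is only meaningful because p is pointed at peekbuf on the peek-ahead path, and nothing at the comparison says so. A short comment beside `(clen == (size_t)-2 && p == peekbuf)` stating that it means "still incomplete after peeking ahead" would document the intent and make a repeat of the `buf == peekbuf` mistake less likely. Declaring peekbuf as `u_char` is consistent with the `u_char *p` parameter shown in the function signature.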
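
Review bot: In the rewrite() hunk of parse.c, the comment on `p2 = *p1 ? p1 + 1 : p1;` says "non-NUL/-NULL", but the expression tests the byte at p1 for the string terminator, not the pointer for NULL; wording such as "do not step past the terminating NUL" would be accurate. When `*p1` is '\0' the following line still executes `cs[0] = *p1`, so the conversion string ends up empty. The code that consumes cs lies outside this hunk, so please confirm it rejects that case instead of treating it as a valid conversion.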
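
Review bot: In the escape() hunk of parse.c, the new `case '\0':` stores two bytes (`*p2 = '\\'; *++p2 = '\0';`), which stays inside the buffer only because p2 never gets ahead of p1 during the in-place rewrite. A one-line comment stating that invariant, and that a trailing backslash is kept as a literal backslash, would help the next reader. The loop header `for (p2 = p1;; p1++, p2++)` has no exit condition and now ends only through the two `return` statements, so any escape case added later that advances p1 a second time has to check for '\0' itself. The commented-out `/* *p2 = '\a'; */` is still present in the context lines even though the log message mentions removing unnecessary comments.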