commit | 73af097db58528a3b8b9b69af035786eb3724ae3 | [log] [tgz] |
---|---|---|
author | enh-google <53129816+enh-google@users.noreply.github.com> | Fri Feb 28 03:18:29 2020 -0800 |
committer | Elliott Hughes <enh@google.com> | Fri Feb 28 18:10:28 2020 -0800 |
tree | 9c5fc2963abe1478f4e8a695bf48a27dea38c8e3 | |
parent | a400023b12be6761be6ce6b14c8da0d80e60ecee [diff] |
Fix hwasan global overflow. (#76)

* Fix hwasan global overflow.

Crash found with https://source.android.com/devices/tech/debug/hwasan but also detectable by regular ASan. Here's an ASan crash:

    ==215690==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55d90f8da140 at pc 0x55d90f8b7503 bp 0x7ffd3dae6100 sp 0x7ffd3dae60f8
    READ of size 4 at 0x55d90f8da140 thread T0
        #0 0x55d90f8b7502 in word /tmp/awk/lex.c:496
        #1 0x55d90f8b939f in yylex /tmp/awk/lex.c:191
        #2 0x55d90f894ab9 in yyparse /tmp/awk/awkgram.tab.c:2366
        #3 0x55d90f89edc2 in main /tmp/awk/main.c:216
        #4 0x7ff263a78bba in __libc_start_main ../csu/libc-start.c:308
        #5 0x55d90f8945a9 in _start (/tmp/awk/a.out+0x115a9)

    0x55d90f8da141 is located 0 bytes to the right of global variable 'infunc' defined in 'awkgram.y:35:6' (0x55d90f8da140) of size 1
    SUMMARY: AddressSanitizer: global-buffer-overflow /tmp/awk/lex.c:496 in word
    Shadow bytes around the buggy address:
      0x0abba1f133d0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
      0x0abba1f133e0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
      0x0abba1f133f0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
      0x0abba1f13400: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
      0x0abba1f13410: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
    =>0x0abba1f13420: 04 f9 f9 f9 f9 f9 f9 f9[01]f9 f9 f9 f9 f9 f9 f9
      0x0abba1f13430: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
      0x0abba1f13440: 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
      0x0abba1f13450: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
      0x0abba1f13460: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
      0x0abba1f13470: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9

And here's the stack trace from hwasan:

    Stack Trace:
      RELADDR           FUNCTION     FILE:LINE
      00000000000168d4  word         external/one-true-awk/lex.c:496:18
      000000000002d1ec  yyparse      y.tab.c:2460:16
      000000000001c82c  main         external/one-true-awk/main.c:179:2
      00000000000b41a0  __libc_init  bionic/libc/bionic/libc_init_dynamic.cpp:151:8

As it says, we're doing a 4-byte read from a 1-byte global. `infunc` is declared as an int but defined as a bool.

Signed-off-by: Evgenii Stepanov <eugenis@google.com>

* Add ASan cflags to makefile.

They're not used by default, but this way they're easily to hand next time they're wanted.

Bug: http://b/150168534
Test: treehugger
(cherry picked from commit 7b245a02668dcb9f9677b36f5745cfd07cc216bd)
Change-Id: I1302532f27970b3e73df6536238c2777798bd102
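The declared-as-int, defined-as-bool mismatch from the commit message, modelled in a single file as an added example (not code from the awk sources): it shows that the 4-byte load also picks up bytes that do not belong to the 1-byte object, so the two views of the flag can disagree. `struct segment`, `read_as_int`, `read_as_bool` and `overread_bytes` are hypothetical names, and the neighbouring bytes are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the data segment around the symbol: the 1-byte
 * object the defining file allocates, then bytes owned by something else. */
struct segment {
    bool infunc;                                     /* the definition: 1 byte */
    unsigned char next[sizeof(int) - sizeof(bool)];  /* neighbouring bytes */
};

/* A file that sees `extern int infunc;` loads sizeof(int) bytes from the
 * symbol's address. memcpy keeps this model well-defined; the real
 * mismatched access is undefined behaviour. */
int read_as_int(const struct segment *s)
{
    int v;
    memcpy(&v, s, sizeof v);
    return v;
}

/* A file whose declaration matches the definition reads one byte. */
bool read_as_bool(const struct segment *s)
{
    return s->infunc;
}

/* Bytes the mismatched load touches beyond the object itself. */
size_t overread_bytes(void)
{
    return sizeof(int) - sizeof(bool);
}

int main(void)
{
    /* Constructed sample: the flag is false, one neighbouring byte is set. */
    struct segment s = { false, { 0 } };
    s.next[sizeof s.next - 1] = 1;

    printf("bool view: %d\n", read_as_bool(&s));
    printf("int view is %s\n", read_as_int(&s) ? "non-zero" : "zero");
    printf("bytes read past the object: %zu\n", overread_bytes());
    return 0;
}
```

Keeping the `extern` declaration in one header that the defining file also includes puts both types in the same translation unit, where the compiler rejects the conflict at build time.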
This is the version of `awk` described in The AWK Programming Language, by Al Aho, Brian Kernighan, and Peter Weinberger (Addison-Wesley, 1988, ISBN 0-201-07981-X).
Copyright (C) Lucent Technologies 1997
All Rights Reserved
Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that the copyright notice and this permission notice and warranty disclaimer appear in supporting documentation, and that the name Lucent Technologies or any of its entities not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission.
LUCENT DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL LUCENT OR ANY OF ITS ENTITIES BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Changes, mostly bug fixes and occasional enhancements, are listed in `FIXES`. If you distribute this code further, please please please distribute `FIXES` with it.
If you find errors, please report them to bwk@cs.princeton.edu. Please also open an issue in the GitHub issue tracker, to make it easy to track issues. Thanks.
Pull requests are welcome. Some guidelines:

Please do not use functions or facilities that are not standard (e.g., `strlcpy()`, `fpurge()`).

Please run the test suite and make sure that your changes pass before posting the pull request. To do so:

1. Save the previous version of `awk` somewhere in your path. Call it `nawk` (for example).
2. Run `oldawk=nawk make check > check.out 2>&1`.
3. Search for `BAD` or `error` in the result. In general, look over it manually to make sure there are no errors.

Please create the pull request with a request to merge into the `staging` branch instead of into the `master` branch. This allows us to do testing, and to make any additional edits or changes after the merge but before merging to `master`.
The program itself is created by

    make

which should produce a sequence of messages roughly like this:

    yacc -d awkgram.y
    conflicts: 43 shift/reduce, 85 reduce/reduce
    mv y.tab.c ytab.c
    mv y.tab.h ytab.h
    cc -c ytab.c
    cc -c b.c
    cc -c main.c
    cc -c parse.c
    cc maketab.c -o maketab
    ./maketab >proctab.c
    cc -c proctab.c
    cc -c tran.c
    cc -c lib.c
    cc -c run.c
    cc -c lex.c
    cc ytab.o b.o main.o parse.o proctab.o tran.o lib.o run.o lex.o -lm
This produces an executable `a.out`; you will eventually want to move this to some place like `/usr/bin/awk`.
If your system does not have `yacc` or `bison` (the GNU equivalent), you need to install one of them first.
NOTE: This version uses ANSI C (C 99), as you should also. We have compiled this without any changes using `gcc -Wall` and/or local C compilers on a variety of systems, but new systems or compilers may raise some new complaint; reports of difficulties are welcome.
This compiles without change on Macintosh OS X using `gcc` and the standard developer tools.
The version of `malloc` that comes with some systems is sometimes astonishingly slow. If `awk` seems slow, you might try fixing that. More generally, turning on optimization can significantly improve `awk`'s speed, perhaps by 1/3 for highest levels.
Wed Jan 1 22:44:38 IST 2020