diff options
author | A. Wilcox <AWilcox@Wilcox-Tech.com> | 2020-07-30 00:33:50 +0000 |
---|---|---|
committer | A. Wilcox <AWilcox@Wilcox-Tech.com> | 2020-07-30 00:33:50 +0000 |
commit | e05bf6383d6da3dd41ab134588bbcd65339f224e (patch) | |
tree | fa09c0bdb249ac6b96b7e8dd51264a18d3c83bd1 /system/bison/uaf.patch | |
parent | a7fcbe1048c66b3d4751e576ecc643fd034e3038 (diff) | |
download | packages-e05bf6383d6da3dd41ab134588bbcd65339f224e.tar.gz packages-e05bf6383d6da3dd41ab134588bbcd65339f224e.tar.bz2 packages-e05bf6383d6da3dd41ab134588bbcd65339f224e.tar.xz packages-e05bf6383d6da3dd41ab134588bbcd65339f224e.zip |
system/bison: Update to 3.7, disable tests
Diffstat (limited to 'system/bison/uaf.patch')
-rw-r--r-- | system/bison/uaf.patch | 160 |
1 files changed, 160 insertions, 0 deletions
diff --git a/system/bison/uaf.patch b/system/bison/uaf.patch new file mode 100644 index 000000000..19ab59c56 --- /dev/null +++ b/system/bison/uaf.patch @@ -0,0 +1,160 @@ +From be95a4fe2951374676efc9454ffee8638faaf68d Mon Sep 17 00:00:00 2001 +From: Akim Demaille <akim.demaille@gmail.com> +Date: Tue, 28 Jul 2020 18:51:30 +0200 +Subject: scanner: don't crash on strings containing a NUL byte + +We crash if the input contains a string containing a NUL byte. +Reported by Suhwan Song. +https://lists.gnu.org/r/bug-bison/2020-07/msg00051.html + +* src/flex-scanner.h (STRING_FREE): Avoid accidental use of +last_string. +* src/scan-gram.l: Don't call STRING_FREE without calling +STRING_FINISH first. +* tests/input.at (Invalid inputs): Check that case. +--- + THANKS | 1 + + src/flex-scanner.h | 10 +++++++++- + src/scan-gram.l | 3 ++- + tests/input.at | 48 ++++++++++++++++++++++++++++++++++++++---------- + 4 files changed, 50 insertions(+), 12 deletions(-) + +diff --git a/THANKS b/THANKS +index ac073ea6..5c64da3c 100644 +--- a/THANKS ++++ b/THANKS +@@ -185,6 +185,7 @@ Simon Sobisch simonsobisch@web.de + Stefano Lattarini stefano.lattarini@gmail.com + Stephen Cameron stephenmcameron@gmail.com + Steve Murphy murf@parsetree.com ++Suhwan Song prada960808@gmail.com + Sum Wu sum@geekhouse.org + Théophile Ranquet theophile.ranquet@gmail.com + Thiru Ramakrishnan thiru.ramakrishnan@gmail.com +diff --git a/src/flex-scanner.h b/src/flex-scanner.h +index 56ca7ce3..028847fd 100644 +--- a/src/flex-scanner.h ++++ b/src/flex-scanner.h +@@ -112,7 +112,15 @@ static struct obstack obstack_for_string; + # define STRING_1GROW(Char) \ + obstack_1grow (&obstack_for_string, Char) + +-# define STRING_FREE() \ ++# ifdef NDEBUG ++# define STRING_FREE() \ + obstack_free (&obstack_for_string, last_string) ++# else ++# define STRING_FREE() \ ++ do { \ ++ obstack_free (&obstack_for_string, last_string); \ ++ last_string = NULL; \ ++ } while (0) ++#endif + + #endif +diff --git a/src/scan-gram.l b/src/scan-gram.l +index f8d85f23..ad2904ce 100644 +--- a/src/scan-gram.l ++++ b/src/scan-gram.l +@@ -403,6 +403,7 @@ eqopt ({sp}=)? + { + \0 { + complain (loc, complaint, _("invalid null character")); ++ STRING_FINISH (); + STRING_FREE (); + return GRAM_error; + } +@@ -599,7 +600,6 @@ eqopt ({sp}=)? + STRING_FINISH (); + BEGIN INITIAL; + loc->start = token_start; +- val->CHAR = last_string[0]; + + if (last_string[0] == '\0') + { +@@ -615,6 +615,7 @@ eqopt ({sp}=)? + } + else + { ++ val->CHAR = last_string[0]; + STRING_FREE (); + return CHAR; + } +diff --git a/tests/input.at b/tests/input.at +index 4da63795..effcd1cc 100644 +--- a/tests/input.at ++++ b/tests/input.at +@@ -1,4 +1,4 @@ +-# Checking the Bison scanner. -*- Autotest -*- ++# Checking the Bison reader. -*- Autotest -*- + + # Copyright (C) 2002-2015, 2018-2020 Free Software Foundation, Inc. + +@@ -78,10 +78,13 @@ AT_CLEANUP + ## Invalid inputs. ## + ## ---------------- ## + ++# The truly bad guys no human would write, but easily uncovered by ++# fuzzers. + AT_SETUP([Invalid inputs]) + + AT_DATA([input.y], + [[\000\001\002\377? ++"\000" + %% + ? + default: 'a' } +@@ -92,16 +95,41 @@ default: 'a' } + ]]) + AT_PERL_REQUIRE([[-pi -e 's/\\(\d{3})/chr(oct($1))/ge' input.y]]) + +-AT_BISON_CHECK([input.y], [1], [], ++AT_BISON_CHECK([-fcaret input.y], [1], [], [stderr]) ++ ++# Autotest's diffing, when there are NUL bytes, just reports "binary ++# files differ". So don't leave NUL bytes. ++AT_PERL_CHECK([[-p -e 's{([\0\377])}{sprintf "\\x%02x", ord($1)}ge' stderr]], [], + [[input.y:1.1-2: error: invalid characters: '\0\001\002\377?' +-input.y:3.1: error: invalid character: '?' +-input.y:4.14: error: invalid character: '}' +-input.y:5.1: error: invalid character: '%' +-input.y:5.2: error: invalid character: '&' +-input.y:6.1-17: error: invalid directive: '%a-does-not-exist' +-input.y:7.1: error: invalid character: '%' +-input.y:7.2: error: invalid character: '-' +-input.y:8.1-9.0: error: missing '%}' at end of file ++ 1 | \x00\xff? ++ | ^~ ++input.y:2.2: error: invalid null character ++ 2 | "\x00" ++ | ^ ++input.y:4.1: error: invalid character: '?' ++ 4 | ? ++ | ^ ++input.y:5.14: error: invalid character: '}' ++ 5 | default: 'a' } ++ | ^ ++input.y:6.1: error: invalid character: '%' ++ 6 | %& ++ | ^ ++input.y:6.2: error: invalid character: '&' ++ 6 | %& ++ | ^ ++input.y:7.1-17: error: invalid directive: '%a-does-not-exist' ++ 7 | %a-does-not-exist ++ | ^~~~~~~~~~~~~~~~~ ++input.y:8.1: error: invalid character: '%' ++ 8 | %- ++ | ^ ++input.y:8.2: error: invalid character: '-' ++ 8 | %- ++ | ^ ++input.y:9.1-10.0: error: missing '%}' at end of file ++ 9 | %{ ++ | ^~ + ]]) + + AT_CLEANUP +-- +cgit v1.2.1 + |