From gshapiro@gshapiro.net Mon Apr 16 11:57:13 2001
Return-Path:
Received: from horsey.gshapiro.net (horsey.gshapiro.net [209.220.147.178])
	by hub.freebsd.org (Postfix) with ESMTP id 60F7037B43E
	for ; Mon, 16 Apr 2001 11:57:12 -0700 (PDT)
	(envelope-from gshapiro@gshapiro.net)
Received: (from gshapiro@localhost)
	by horsey.gshapiro.net (8.12.0.Beta7/8.12.0.Beta7) id f3GIvBDF035576;
	Mon, 16 Apr 2001 11:57:11 -0700 (PDT)
Message-Id: <200104161857.f3GIvBDF035576@horsey.gshapiro.net>
Date: Mon, 16 Apr 2001 11:57:11 -0700 (PDT)
From: gshapiro+FreeBSD-gnats@gshapiro.net
Reply-To: gshapiro+FreeBSD-gnats@gshapiro.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: m4 silently truncates long strings
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number: 26619
>Category: bin
>Synopsis: m4 silently truncates long lines
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: gshapiro
>State: closed
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 16 12:00:02 PDT 2001
>Closed-Date: Thu May 24 13:52:55 PDT 2001
>Last-Modified: Thu May 24 13:53:08 PDT 2001
>Originator: Gregory Neil Shapiro
>Release: FreeBSD 4.3-RC i386
>Organization:
>Environment:
System: FreeBSD horsey.gshapiro.net 4.3-RC FreeBSD 4.3-RC #15: Sat Apr 14 12:21:56 PDT 2001 gshapiro@horsey.gshapiro.net:/home/FreeBSD/RELENG_4/obj/sys/HORSEY i386

>Description:
m4 will silently truncate long strings on some operations leaving the data
corrupted.

>How-To-Repeat:
The m4 file below demonstrates the problem. Note that after running it with:

	m4 test.m4

The output shows SameList has been truncated without an error from m4.
Here is test.m4:

define(`LongList', `
assert.c debug.c exc.c heap.c match.c rpool.c strdup.c strerror.c strl.c
clrerr.c fclose.c feof.c ferror.c fflush.c fget.c fpos.c findfp.c flags.c
fopen.c fprintf.c fpurge.c fput.c fread.c fscanf.c fseek.c fvwrite.c fwalk.c
fwrite.c get.c makebuf.c put.c refill.c rewind.c rget.c setvbuf.c smstdio.c
snprintf.c sscanf.c stdio.c strio.c syslogio.c ungetc.c vasprintf.c
vfprintf.c vfscanf.c vprintf.c vsnprintf.c vsprintf.c vsscanf.c wbuf.c
wsetup.c stringf.c xtrap.c strto.c test.c path.c strcasecmp.c signal.c
clock.c config.c shm.c
')dnl
define(`SameList', `substr(LongList, 0, index(LongList, `.'))`'substr(LongList, index(LongList, `.'))')dnl
Long`'List is: LongList
Same`'List is: SameList
ifelse(len(LongList), len(SameList), `', `errprint(`This version of m4 is broken: length problem')')dnl

>Fix:
>Release-Note:
>Audit-Trail:
From: Kris Kennaway
To: gshapiro+FreeBSD-gnats@gshapiro.net
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/26619: m4 silently truncates long strings
Date: Sat, 5 May 2001 22:39:16 -0700

On Mon, Apr 16, 2001 at 11:57:11AM -0700, gshapiro+FreeBSD-gnats@gshapiro.net wrote:

> >Description:
> m4 will silently truncate long strings on some operations leaving the data
> corrupted.

Any luck at identifying where the problem lies, or a fix?

Kris

From: Gregory Neil Shapiro
To: Kris Kennaway
Cc: gshapiro+FreeBSD-gnats@gshapiro.net, FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/26619: m4 silently truncates long strings
Date: Wed, 9 May 2001 09:20:10 -0700

>> >Description:
>> m4 will silently truncate long strings on some operations leaving the data
>> corrupted.

kris> Any luck at identifying where the problem lies, or a fix?

I have a fix but since I am not an expert on the m4 internals (damn, should
have taken compilers in college), I didn't want to blindly commit it.

This fixes the problem (to be honest, it changes the problem from 512
characters to 4096 characters). However, I don't know if it introduces any
side effects. It may be possible that some of the code was depending on
MAXSTR being 512 and changing it introduces a buffer overflow.

Index: mdef.h =================================================================== RCS file: /src/FreeBSD/cvsrepo/src/usr.bin/m4/mdef.h,v retrieving revision 1.3 diff -u -r1.3 mdef.h --- mdef.h 1995/05/30 06:31:35 1.3 +++ mdef.h 2001/05/09 16:17:55 
@@ -96,7 +96,7 @@ #define EOS (char) 0 #define MAXINP 10 /* maximum include files */ #define MAXOUT 10 /* maximum # of diversions */ -#define MAXSTR 512 /* maximum size of string */ +#define MAXSTR 4096 /* maximum size of string */ #define BUFSIZE 4096 /* size of pushback buffer */ #define STACKMAX 1024 /* size of call stack */ #define STRSPMAX 4096 /* size of string space */

State-Changed-From-To: open->feedback
State-Changed-By: gshapiro
State-Changed-When: Fri May 18 11:41:07 PDT 2001
State-Changed-Why:
A patch from Mark Peek has been applied to -CURRENT. The PR will be
closed when the patch is applied to -STABLE (RELENG_4).

Responsible-Changed-From-To: freebsd-bugs->gshapiro
Responsible-Changed-By: gshapiro
Responsible-Changed-When: Fri May 18 11:41:07 PDT 2001
Responsible-Changed-Why:
In a strange twist of fate, even though I am the submitter, a patch
was given to me which fixes the problem so I am now responsible for
committing the fix.

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=26619

State-Changed-From-To: feedback->closed
State-Changed-By: gshapiro
State-Changed-When: Thu May 24 13:52:55 PDT 2001
State-Changed-Why:
The changes have been committed to -STABLE (RELENG_4).

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=26619
>Unformatted:
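
Review bot: Raising MAXSTR from 512 to 4096 in the mdef.h hunk moves the truncation threshold rather than removing it, so a string longer than 4096 characters would still be cut without an error. With this change MAXSTR equals both BUFSIZE (the pushback buffer) and STRSPMAX (the string space) defined in the same block, which means a single maximum-length string can now be as large as either of those buffers. Every place that pushes back or stores a MAXSTR-sized string should be checked for a bounds test before this is committed, along with any buffer that is sized independently of MAXSTR but receives such a string. I would suggest making the operations that hit the limit report an error instead of truncating, and treating the constant bump as a separate change from that fix.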