| author | Robin Haberkorn <robin.haberkorn@googlemail.com> | 2022-11-28 06:05:48 +0300 | 
|---|---|---|
| committer | Robin Haberkorn <robin.haberkorn@googlemail.com> | 2022-11-28 06:05:48 +0300 | 
| commit | 9a20db4b5257d56d2d6030a20ad42f5e0dc9f25b (patch) | |
| tree | 194d28409d2e4e5e15ed172b16c8ff5396cd2fb7 /lib/lexers/batch.tes | |
| parent | 9c789e80407cdfe3f5f7d2feb8e77bdeb130b78a (diff) | |
fixed a number of crashes due to empty string arguments or uninitialized registers
* An empty but valid teco_string_t can contain NULL pointers.
  More precisely, a state's done_cb() can be invoked with such empty strings
  in case of empty string arguments.
  Also a register's get_string() can return the NULL pointer
  for existing registers with uninitialized string parts.
* In all of these cases, the language should treat "uninitialized" strings
  exactly like empty strings.
* Not doing so resulted in a number of vulnerabilities.
  * EN$$ crashed if "_" was uninitialized
  * The ^E@q and ^ENq string building constructs would crash for existing but
    uninitialized registers q.
  * ?$ would crash
  * ESSETILEXER$$ would crash
* This is now fixed.
  Test cases have been added.
* I cannot guarantee that I have found all such cases.
  Generally, it might be wise to change our definitions and make sure that
  every teco_string_t must have an associated heap object to be valid.
  All functions returning pointer+length pairs should consequently also never
  return NULL pointers.
Diffstat (limited to 'lib/lexers/batch.tes')
0 files changed, 0 insertions, 0 deletions
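
The rule stated in the commit message, that an uninitialized pointer+length string must behave exactly like an empty one, sketched as an added example (not code from this commit or the project). The type `plstr_t` and its helpers are hypothetical names, and the sample values are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical pointer+length string: {NULL, 0} is a valid empty value.
 * This is not the project's teco_string_t. */
typedef struct {
    const char *data;   /* may be NULL when the string was never initialized */
    size_t len;
} plstr_t;

/* Length accessor: a NULL data pointer always means length 0. */
static size_t plstr_len(const plstr_t *s)
{
    return (s && s->data) ? s->len : 0;
}

/* Data accessor: never returns NULL, so callers need no special case. */
static const char *plstr_data(const plstr_t *s)
{
    return (s && s->data) ? s->data : "";
}

/* Content comparison; memcmp() is skipped for length 0 because passing
 * NULL to it is undefined behaviour even when n == 0. */
static int plstr_equal(const plstr_t *a, const plstr_t *b)
{
    size_t n = plstr_len(a);
    return n == plstr_len(b) &&
           (n == 0 || memcmp(plstr_data(a), plstr_data(b), n) == 0);
}

/* NUL-terminated heap copy; returns NULL only if malloc() fails. */
static char *plstr_to_cstr(const plstr_t *s)
{
    size_t n = plstr_len(s);
    char *out = malloc(n + 1);
    if (out) {
        memcpy(out, plstr_data(s), n);
        out[n] = '\0';
    }
    return out;
}

int main(void)
{
    plstr_t uninit = { NULL, 0 }, empty = { "", 0 };  /* constructed inputs */
    return plstr_equal(&uninit, &empty) ? 0 : 1;
}
```

Routing every read through the two accessors keeps the NULL check in one place, so callers that pass the data on to `strlen()`, `strcmp()` or a formatting function never see a NULL pointer.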
