From 9a20db4b5257d56d2d6030a20ad42f5e0dc9f25b Mon Sep 17 00:00:00 2001
From: Robin Haberkorn
Date: Mon, 28 Nov 2022 06:05:48 +0300
Subject: fixed a number of crashes due to empty string arguments or uninitialized registers
* An empty but valid teco_string_t can contain NULL pointers. More precisely, a state's done_cb() can be invoked with such empty strings in case of empty string arguments. Also a registers get_string() can return the NULL pointer for existing registers with uninitialized string parts.
* In all of these cases, the language should treat "uninitialized" strings exactly like empty strings.
* Not doing so, resulted in a number of vulnerabilities.
* EN$$ crashed if "_" was uninitialized
* The ^E@q and ^ENq string building constructs would crash for existing but uninitialized registers q.
* ?$ would crash
* ESSETILEXER$$ would crash
* This is now fixed. Test cases have been added.
* I cannot guarantee that I have found all such cases. Generally, it might be wise to change our definitions and make sure that every teco_string_t must have an associated heap object to be valid. All functions returning pointer+length pairs should consequently also never return NULL pointers.
---
 tests/testsuite.at | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
(limited to 'tests')
diff --git a/tests/testsuite.at b/tests/testsuite.at
index 2e48973..dd37053 100644
--- a/tests/testsuite.at
+++ b/tests/testsuite.at
@@ -93,8 +93,22 @@ AT_SETUP([Q-Register stack cleanup])
 AT_CHECK([$SCITECO -e '@<:@a'], 0, ignore, ignore)
 AT_CLEANUP
 
-AT_SETUP([Empty search])
-AT_CHECK([$SCITECO -e '@S//'], 0, ignore, ignore)
+AT_SETUP([Uninitialized "_"-register])
+AT_CHECK([$SCITECO -e ":@S//\"S(0/0)'"], 0, ignore, ignore)
+AT_CHECK([$SCITECO -e ":@EN///\"S(0/0)'"], 0, ignore, ignore)
+AT_CLEANUP
+
+AT_SETUP([Uninitialized Q-Register in string building])
+AT_CHECK([$SCITECO -e '@I/^E@a/'], 0, ignore, ignore)
+AT_CHECK([$SCITECO -e '@I/^ENa/'], 0, ignore, ignore)
+AT_CLEANUP
+
+AT_SETUP([Empty help topic])
+AT_CHECK([$SCITECO -e '@?//'], 1, ignore, ignore)
+AT_CLEANUP
+
+AT_SETUP([Empty lexer name])
+AT_CHECK([$SCITECO -e '@ES/SETILEXER//'], 1, ignore, ignore)
 AT_CLEANUP
 
 AT_BANNER([Known Bugs])
--
cgit v1.2.3
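Review bot: The added AT_CHECK lines assert only the exit status and pass `ignore, ignore` for stdout/stderr, so they detect a hard crash on a NULL teco_string_t but not a NULL dereference that happens not to fault (a zero-length compare or copy on a NULL pointer, for instance), which the commit message itself names as a remaining risk; running this group under ASan/UBSan in CI would surface those silent cases. The two register groups also depend on non-obvious preconditions that deserve a `dnl` comment: the string-building group presumably relies on register `a` existing at startup with an unset string part (verify against the register initialisation), e.g. `dnl register a exists by default but its string part is still unset`, and the `_`-register group uses `\"S(0/0)'` to turn an unexpectedly successful search into a nonzero exit, e.g. `dnl a successful match must not happen here; 0/0 forces a nonzero exit`. Without those comments the expected status 0 in the first group reads as if the search were expected to succeed.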