From 3cf67f58ce8e42f9ce8d7be45936eedf79751b46 Mon Sep 17 00:00:00 2001 From: "Andrew J. Schorr" Date: Tue, 9 Aug 2016 11:33:27 -0400 Subject: If a strnum integer has a non-standard string representation, do not accept it as an integer array subscript. --- int_array.c | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 65 insertions(+), 5 deletions(-) (limited to 'int_array.c') diff --git a/int_array.c b/int_array.c index a8de3d55..1fa32bd7 100644 --- a/int_array.c +++ b/int_array.c @@ -78,27 +78,86 @@ int_array_init(NODE *symbol, NODE *subs ATTRIBUTE_UNUSED) return & success_node; } +/* + * standard_integer_string -- check whether the string matches what + * sprintf("%ld", ) would produce. This is accomplished by accepting + * only strings that look like /^0$/ or /^-?[1-9][0-9]*$/. This should be + * faster than comparing vs. the results of actually calling sprintf. + */ + +static bool +standard_integer_string(const char *s, size_t len) +{ + const char *end; + + if (len == 0) + return false; + if (*s == '0' && len == 1) + return true; + end = s + len; + /* ignore leading minus sign */ + if (*s == '-' && ++s == end) + return false; + /* check first char is [1-9] */ + if (*s < '1' || *s > '9') + return false; + while (++s < end) { + if (*s < '0' || *s > '9') + return false; + } + return true; +} + /* is_integer --- check if subscript is an integer */ NODE ** is_integer(NODE *symbol, NODE *subs) { +#ifndef CHECK_INTEGER_USING_FORCE_NUMBER long l; +#endif AWKNUM d; + if ((subs->flags & NUMINT) != 0) + /* quick exit */ + return & success_node; + if (subs == Nnull_string || do_mpfr) return NULL; - if ((subs->flags & NUMINT) != 0) - return & success_node; +#ifdef CHECK_INTEGER_USING_FORCE_NUMBER + /* + * This approach is much simpler, because we remove all of the strtol + * logic below. But this may be slower in some usage cases. + */ + if ((subs->flags & NUMCUR) == 0) { + str2number(subs); - if ((subs->flags & NUMBER) != 0) { + /* check again in case force_number set NUMINT */ + if ((subs->flags & NUMINT) != 0) + return & success_node; + } +#else /* CHECK_INTEGER_USING_FORCE_NUMBER */ + if ((subs->flags & NUMCUR) != 0) { +#endif /* CHECK_INTEGER_USING_FORCE_NUMBER */ d = subs->numbr; if (d <= INT32_MAX && d >= INT32_MIN && d == (int32_t) d) { - subs->flags |= NUMINT; - return & success_node; + /* + * the numeric value is an integer, but we must + * protect against strings that cannot be generated + * from sprintf("%ld", ). This can happen + * with strnum or string values. We could skip this + * check for pure NUMBER values, but unfortunately the + * code does not currently distinguish between NUMBER + * and strnum values. + */ + if ((subs->flags & STRCUR) == 0 || standard_integer_string(subs->stptr, subs->stlen)) { + subs->flags |= NUMINT; + return & success_node; + } } return NULL; +#ifndef CHECK_INTEGER_USING_FORCE_NUMBER } /* a[3]=1; print "3" in a -- true @@ -151,6 +210,7 @@ is_integer(NODE *symbol, NODE *subs) } } return NULL; +#endif /* CHECK_INTEGER_USING_FORCE_NUMBER */ } -- cgit v1.2.3 From dcb6d54b3c272a7c8f0efadb7fad215e39248cad Mon Sep 17 00:00:00 2001 From: "Arnold D. Robbins" Date: Fri, 12 Aug 2016 07:11:23 +0300 Subject: Minor text and formatting edits in int_array.c. --- int_array.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'int_array.c') diff --git a/int_array.c b/int_array.c index 1fa32bd7..6cffec86 100644 --- a/int_array.c +++ b/int_array.c @@ -143,7 +143,7 @@ is_integer(NODE *symbol, NODE *subs) d = subs->numbr; if (d <= INT32_MAX && d >= INT32_MIN && d == (int32_t) d) { /* - * the numeric value is an integer, but we must + * The numeric value is an integer, but we must * protect against strings that cannot be generated * from sprintf("%ld", ). This can happen * with strnum or string values. We could skip this @@ -151,7 +151,8 @@ is_integer(NODE *symbol, NODE *subs) * code does not currently distinguish between NUMBER * and strnum values. */ - if ((subs->flags & STRCUR) == 0 || standard_integer_string(subs->stptr, subs->stlen)) { + if ( (subs->flags & STRCUR) == 0 + || standard_integer_string(subs->stptr, subs->stlen)) { subs->flags |= NUMINT; return & success_node; } -- cgit v1.2.3