From 4c6f14a861a3f125cf0a54644a95aaa138e549db Mon Sep 17 00:00:00 2001
From: jilles
Date: Sun, 13 Sep 2015 13:58:46 +0000
Subject: MFC r287148: sh: Fix out of bounds read when there is no ] after a [:class:]. The initial check for a matching ] was incorrect if a ] may be consumed by a [:class:]. The subsequent loop assumed that there must be a ]. Remove the initial check and make the loop cope with a missing ]. Found with afl-fuzz.
---
 bin/sh/tests/builtins/Makefile | 1 +
 bin/sh/tests/builtins/case20.0 | 9 +++++++++
 2 files changed, 10 insertions(+)
 create mode 100644 bin/sh/tests/builtins/case20.0
(limited to 'bin/sh/tests')
diff --git a/bin/sh/tests/builtins/Makefile b/bin/sh/tests/builtins/Makefile
index 2c90cbd..ec4cab6 100644
--- a/bin/sh/tests/builtins/Makefile
+++ b/bin/sh/tests/builtins/Makefile
@@ -34,6 +34,7 @@ FILES+= case16.0
 FILES+= case17.0
 FILES+= case18.0
 FILES+= case19.0
+FILES+= case20.0
 FILES+= cd1.0
 FILES+= cd2.0
 FILES+= cd3.0
diff --git a/bin/sh/tests/builtins/case20.0 b/bin/sh/tests/builtins/case20.0
new file mode 100644
index 0000000..03a4eb2
--- /dev/null
+++ b/bin/sh/tests/builtins/case20.0
@@ -0,0 +1,9 @@
+# $FreeBSD$
+
+# Shells do not agree about what this pattern should match, but it is
+# certain that it must not crash and the missing close bracket must not
+# be simply ignored.
+
+case B in
+[[:alpha:]) echo bad ;;
+esac
-- 
cgit v1.1
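Review bot: The matching arm in case20.0, `[[:alpha:]) echo bad ;;`, only prints and the script still exits 0. A regression in which the missing close bracket is silently ignored is therefore caught only if the harness treats unexpected stdout as a failure, and that is not visible in this patch. Making the arm fail on its own, e.g. `[[:alpha:]) echo bad; exit 1 ;;`, keeps the check independent of what the harness compares. Separately, an out-of-bounds read does not necessarily crash, so the "must not crash" half of the test is presumably only reliable when the shell under test is built with a sanitizer or run under a memory checker; a short comment in the file saying so would help whoever reruns it.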