From gshapiro@gshapiro.net  Mon Apr 16 11:57:13 2001
Return-Path: <gshapiro@gshapiro.net>
Received: from horsey.gshapiro.net (horsey.gshapiro.net [209.220.147.178])
	by hub.freebsd.org (Postfix) with ESMTP id 60F7037B43E
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 16 Apr 2001 11:57:12 -0700 (PDT)
	(envelope-from gshapiro@gshapiro.net)
Received: (from gshapiro@localhost)
	by horsey.gshapiro.net (8.12.0.Beta7/8.12.0.Beta7) id f3GIvBDF035576;
	Mon, 16 Apr 2001 11:57:11 -0700 (PDT)
Message-Id: <200104161857.f3GIvBDF035576@horsey.gshapiro.net>
Date: Mon, 16 Apr 2001 11:57:11 -0700 (PDT)
From: gshapiro+FreeBSD-gnats@gshapiro.net
Reply-To: gshapiro+FreeBSD-gnats@gshapiro.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: m4 silently truncates long strings
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         26619
>Category:       bin
>Synopsis:       m4 silently truncates long lines
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    gshapiro
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 16 12:00:02 PDT 2001
>Closed-Date:    Thu May 24 13:52:55 PDT 2001
>Last-Modified:  Thu May 24 13:53:08 PDT 2001
>Originator:     Gregory Neil Shapiro
>Release:        FreeBSD 4.3-RC i386
>Organization:
>Environment:
System: FreeBSD horsey.gshapiro.net 4.3-RC FreeBSD 4.3-RC #15: Sat Apr 14 12:21:56 PDT 2001 gshapiro@horsey.gshapiro.net:/home/FreeBSD/RELENG_4/obj/sys/HORSEY i386
>Description:
m4 will silently truncate long strings on some operations leaving the data
corrupted.
>How-To-Repeat:

The m4 file below demonstrates the problem.  Note that after running it with:

m4 test.m4

The output shows SameList has been truncated without an error from m4.

Here is test.m4:

define(`LongList', ` assert.c debug.c exc.c heap.c match.c rpool.c strdup.c strerror.c strl.c clrerr.c fclose.c feof.c ferror.c fflush.c fget.c fpos.c findfp.c flags.c fopen.c fprintf.c fpurge.c fput.c fread.c fscanf.c fseek.c fvwrite.c fwalk.c fwrite.c get.c makebuf.c put.c refill.c rewind.c rget.c setvbuf.c smstdio.c snprintf.c sscanf.c stdio.c strio.c syslogio.c ungetc.c vasprintf.c vfprintf.c vfscanf.c vprintf.c vsnprintf.c vsprintf.c vsscanf.c wbuf.c wsetup.c stringf.c xtrap.c strto.c test.c path.c strcasecmp.c signal.c clock.c config.c shm.c ')dnl
define(`SameList', `substr(LongList, 0, index(LongList, `.'))`'substr(LongList, index(LongList, `.'))')dnl
Long`'List is: LongList

Same`'List is: SameList

ifelse(len(LongList), len(SameList), `',
`errprint(`This version of m4 is broken: length problem')')dnl

>Fix:
>Release-Note:
>Audit-Trail:

From: Kris Kennaway <kris@obsecurity.org>
To: gshapiro+FreeBSD-gnats@gshapiro.net
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/26619: m4 silently truncates long strings
Date: Sat, 5 May 2001 22:39:16 -0700

 On Mon, Apr 16, 2001 at 11:57:11AM -0700, gshapiro+FreeBSD-gnats@gshapiro.net wrote:
 
 > >Description:
 > m4 will silently truncate long strings on some operations leaving the data
 > corrupted.
 
 Any luck at identifying where the problem lies, or a fix?
 
 Kris
 

From: Gregory Neil Shapiro <gshapiro@FreeBSD.ORG>
To: Kris Kennaway <kris@obsecurity.org>
Cc: gshapiro+FreeBSD-gnats@gshapiro.net,
	FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/26619: m4 silently truncates long strings
Date: Wed, 9 May 2001 09:20:10 -0700

 >> >Description:
 >> m4 will silently truncate long strings on some operations leaving the data
 >> corrupted.
 
 kris> Any luck at identifying where the problem lies, or a fix?
 
 I have a fix but since I am not an expert on the m4 internals (damn, should
 have taken compilers in college), I didn't want to blindly commit it.  This
 fixes the problem (to be honest, it changes the problem from 512
 characters to 4096 characters).  However, I don't know if it introduces any
 side effects.  It may be possible that some of the code was depending on
 MAXSTR being 512 and changing it introduces a buffer overflow.
 
 Index: mdef.h
 ===================================================================
 RCS file: /src/FreeBSD/cvsrepo/src/usr.bin/m4/mdef.h,v
 retrieving revision 1.3
 diff -u -r1.3 mdef.h
 --- mdef.h	1995/05/30 06:31:35	1.3
 +++ mdef.h	2001/05/09 16:17:55
 @@ -96,7 +96,7 @@
  #define EOS             (char) 0
  #define MAXINP          10              /* maximum include files   */
  #define MAXOUT          10              /* maximum # of diversions */
 -#define MAXSTR          512             /* maximum size of string  */
 +#define MAXSTR          4096            /* maximum size of string  */
  #define BUFSIZE         4096            /* size of pushback buffer */
  #define STACKMAX        1024            /* size of call stack      */
  #define STRSPMAX        4096            /* size of string space    */
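
Review bot: Raising MAXSTR from 512 to 4096 on the changed line only moves the limit, so a string longer than 4096 characters would presumably still be cut off without a diagnostic; the code that enforces MAXSTR should report an error (or grow its buffer) instead of truncating. The new value also equals BUFSIZE and STRSPMAX in the context lines, which means a single maximum-length string can now be as large as the entire pushback buffer or string space. Before committing, audit every array declared with MAXSTR and every bounds check against it, along with any code that assumes the old value of 512, to confirm none can now be overrun.
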
State-Changed-From-To: open->feedback 
State-Changed-By: gshapiro 
State-Changed-When: Fri May 18 11:41:07 PDT 2001 
State-Changed-Why:  
A patch from Mark Peek <mark-ml@whistle.com> has been applied to -CURRENT. 
The PR will be closed when the patch is applied to -STABLE (RELENG_4). 


Responsible-Changed-From-To: freebsd-bugs->gshapiro 
Responsible-Changed-By: gshapiro 
Responsible-Changed-When: Fri May 18 11:41:07 PDT 2001 
Responsible-Changed-Why:  
In a strange twist of fate, even though I am the submitter, a patch was given 
to me which fixes the problem so I am now responsible for committing the fix. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=26619 
State-Changed-From-To: feedback->closed 
State-Changed-By: gshapiro 
State-Changed-When: Thu May 24 13:52:55 PDT 2001 
State-Changed-Why:  
The changes have been committed to -STABLE (RELENG_4). 

>Unformatted:
