
indent: Fix buffer overflow
Closed, Public

Authored by des on Aug 7 2025, 4:35 PM.

Details

Summary

The function used to create a backup of the input before starting work
used a static buffer and did not check that the file name it constructed
did not overflow. Switch to using asprintf(), clean up the rest of the
function, and update some comments that still referred to an earlier
version of the code.

MFC after: 1 week
Sponsored by: Klara, Inc.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

des requested review of this revision. Aug 7 2025, 4:35 PM
bnovkov added inline comments.
usr.bin/indent/indent.c:1270

Shouldn't we free bakfile before returning?

des marked an inline comment as done. Aug 7 2025, 6:28 PM
des added inline comments.
usr.bin/indent/indent.c:1270

yeah, it used to be global, but there's no reason to keep it around.

des marked an inline comment as done. Aug 7 2025, 6:28 PM
des changed the visibility from "Public (No Login Required)" to "Subscribers". Aug 7 2025, 6:59 PM
des changed the edit policy from "All Users" to "Subscribers".
This revision is now accepted and ready to land. Aug 7 2025, 10:02 PM
des changed the visibility from "Subscribers" to "Public (No Login Required)". Aug 7 2025, 10:51 PM
des changed the edit policy from "Subscribers" to "All Users".
This revision was automatically updated to reflect the committed changes.
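
The pattern from the summary and the inline comment, as an added example that is not indent's code and not part of this revision: a backup name built in a fixed buffer with the length check that was missing, next to the asprintf() form with `bakfile` freed before returning. The `.BAK` suffix, the 32-byte buffer size and all function names are assumptions made for the illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE             /* glibc only declares asprintf() with this */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Explicit prototype in case <stdio.h> was already included without it. */
int asprintf(char **, const char *, ...);

#define BAK_SUFFIX ".BAK"       /* assumed suffix, not taken from the page */
#define BAK_MAX    32           /* small on purpose so a long name exceeds it */

/*
 * Fixed-buffer form with the length check the summary says was missing.
 * Returns 0 on success, -1 if the constructed name does not fit in dst.
 */
int
bak_name_fixed(char *dst, size_t dstsz, const char *in_name)
{
	int n = snprintf(dst, dstsz, "%s%s", in_name, BAK_SUFFIX);

	return (n < 0 || (size_t)n >= dstsz) ? -1 : 0;
}

/*
 * asprintf() form: the buffer is sized to the name, so no fixed limit
 * applies. Returns a heap string the caller must free(), or NULL.
 */
char *
bak_name_alloc(const char *in_name)
{
	char *bakfile;

	if (asprintf(&bakfile, "%s%s", in_name, BAK_SUFFIX) < 0)
		return NULL;
	return bakfile;
}

/* Length of the backup name, or -1 on failure; frees before returning. */
long
bak_name_len(const char *in_name)
{
	char *bakfile = bak_name_alloc(in_name);
	long len;

	if (bakfile == NULL)
		return -1;
	len = (long)strlen(bakfile);
	free(bakfile);              /* local now, so release it before returning */
	return len;
}
```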