
indent: Fix buffer overflow
Closed, Public

Authored by des on Aug 7 2025, 4:35 PM.

Details

Summary

The function used to create a backup of the input before starting work
used a static buffer and did not check that the file name it constructed
did not overflow. Switch to using asprintf(), clean up the rest of the
function, and update some comments that still referred to an earlier
version of the code.

MFC after: 1 week
Sponsored by: Klara, Inc.

Diff Detail

Repository: rG FreeBSD src repository
Lint: Lint Skipped
Unit: Tests Skipped
Build Status: Buildable 66069
Build 62952: arc lint + arc unit

Event Timeline

des requested review of this revision. Aug 7 2025, 4:35 PM
bnovkov added inline comments.
usr.bin/indent/indent.c:1270

Shouldn't we free bakfile before returning?

des marked an inline comment as done. Aug 7 2025, 6:28 PM
des added inline comments.
usr.bin/indent/indent.c:1270

yeah, it used to be global, but there's no reason to keep it around.

des marked an inline comment as done. Aug 7 2025, 6:28 PM
des changed the visibility from "Public (No Login Required)" to "Subscribers". Aug 7 2025, 6:59 PM
des changed the edit policy from "All Users" to "Subscribers".
This revision is now accepted and ready to land. Aug 7 2025, 10:02 PM
des changed the visibility from "Subscribers" to "Public (No Login Required)". Aug 7 2025, 10:51 PM
des changed the edit policy from "Subscribers" to "All Users".
This revision was automatically updated to reflect the committed changes.
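
The pattern described in the summary and in the inline comment at indent.c:1270, as an added example that is not code from this revision or from indent.c: a check that shows when a fixed-size buffer is too small for a constructed backup name, next to a heap-allocated version that is freed before returning. The `.BAK` suffix, the 32-byte buffer, and every function name are assumptions made for illustration; `snprintf()` sizing plus `malloc()` stands in for `asprintf()` so the block builds without extensions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BAK_SUFFIX ".BAK"	/* assumed suffix, illustration only */
#define STATIC_LEN 32		/* small stand-in for a fixed-size buffer */

/* Constructed sample input: 40 characters, longer than STATIC_LEN. */
static const char LONG_NAME[] =
    "aaaaaaaaaa" "aaaaaaaaaa" "aaaaaaaaaa" "aaaaaaaaaa";

/* Returns 1 if an unchecked sprintf() into char[STATIC_LEN] would overflow. */
static int
static_name_overflows(const char *in_name)
{
	char buf[STATIC_LEN];
	/* snprintf() never writes past buf and returns the length needed. */
	int need = snprintf(buf, sizeof(buf), "%s%s", in_name, BAK_SUFFIX);
	return (need < 0 || (size_t)need >= sizeof(buf));
}

/* Size the buffer from the input instead; the caller owns the result. */
static char *
make_backup_name(const char *in_name)
{
	int need = snprintf(NULL, 0, "%s%s", in_name, BAK_SUFFIX);
	char *p;
	if (need < 0 || (p = malloc((size_t)need + 1)) == NULL)
		return (NULL);
	snprintf(p, (size_t)need + 1, "%s%s", in_name, BAK_SUFFIX);
	return (p);
}

/* Uses the name locally and frees it on the way out; -1 on failure. */
static long
backup_name_len(const char *in_name)
{
	char *bakfile = make_backup_name(in_name);
	long len;
	if (bakfile == NULL)
		return (-1);
	len = (long)strlen(bakfile);
	free(bakfile);	/* local allocation, released before returning */
	return (len);
}

int
main(void)
{
	printf("fixed buffer overflows: %d\n", static_name_overflows(LONG_NAME));
	printf("heap name length: %ld\n", backup_name_len(LONG_NAME));
	return (0);
}
```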