
Re: Static analyzer "smatch" found potential bug in format.c

by eblake

On 08/27/2010 04:57 PM, Carlo Teubner wrote:

> Just for fun, I ran smatch (http://smatch.sourceforge.net/) on the m4
> code. The only legitimate issue it found is fixed by this patch:
>
> diff --git a/modules/format.c b/modules/format.c
> index b772290..2787154 100644
> --- a/modules/format.c
> +++ b/modules/format.c
> @@ -333,7 +333,7 @@ format (m4 *context, m4_obstack *obs, int argc,
> m4_macro_args *argv)
>           }
>
>         c = *fmt;
> -      if (c>  sizeof ok || !ok[c] || !f_len)
> +      if (c>= sizeof ok || !ok[c] || !f_len)
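Review bot: the `-`/`+` pair fixes an off-by-one in the range guard. With `c > sizeof ok`, a conversion byte equal to `sizeof ok` passes the guard and `ok[c]` then reads one element past the end of the table, so the `!ok[c]` test branches on out-of-bounds memory; `c >= sizeof ok` is the correct rejection. Worth confirming in the same function that `c` is assigned from `*fmt` as an unsigned type, since a plain `char` would turn bytes 0x80 and above into negative values and the table would be indexed before its start. A regression test that feeds a byte of exactly `sizeof ok` through the builtin should accompany the one-character change, and a comment on the `+` line saying that `sizeof ok` is the exclusive bound would keep the `>` from being reintroduced later.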

Thanks for the report.  Indeed, this was making a branching decision
based on out-of-bounds memory if you pass "%\x80" through the format
builtin.  And on my Fedora machine, this minimal test exposes the problem:

$ echo 'format(%format(%c,128))' | m4
m4: internal error detected; please report this bug to <bug-m4@...>:
Aborted

I'll be applying your patch, plus a testsuite addition, shortly, then
working on releasing 1.4.15.

--
Eric Blake   eblake@...    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

_______________________________________________
M4-patches mailing list
M4-patches@...
http://lists.gnu.org/mailman/listinfo/m4-patches
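As an added illustration, and not code from m4 or from either poster, here is the off-by-one in C: a toy lookup table `ok` of 128 entries (an assumed size; the real m4 table and its contents are not shown in the thread), the pre-patch and patched range tests side by side, and a validator that applies the patched test to a format string while reading each byte through `unsigned char`. The function names, the table contents and the sample inputs are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Table of conversion characters a toy format() accepts, indexed by
   byte value. 128 entries (7-bit ASCII) is an assumption made here;
   the real m4 table and its size are not shown in the thread. */
static const bool ok[128] = {
    ['c'] = true, ['d'] = true, ['i'] = true, ['o'] = true,
    ['u'] = true, ['x'] = true, ['X'] = true, ['s'] = true,
    ['e'] = true, ['E'] = true, ['f'] = true, ['g'] = true,
    ['G'] = true, ['%'] = true,
};

/* The range test as the pre-patch code wrote it: idx == len passes,
   so a caller that then reads table[idx] reads one element past the
   end. Returns 1 when the index is admitted. */
int index_admitted_buggy(size_t idx, size_t len)
{
    return !(idx > len);
}

/* The range test as patched: only idx < len is admitted. */
int index_admitted(size_t idx, size_t len)
{
    return !(idx >= len);
}

/* Walk fmt, and for every '%' check the following conversion byte
   against the table with the patched test. Returns -1 when every
   conversion is acceptable, otherwise the offset of the first
   offending byte. The byte is read through unsigned char so that
   values 0x80..0xFF stay positive rather than becoming negative
   indexes (a plain char may be signed). */
long first_bad_conversion(const char *fmt)
{
    for (size_t i = 0; fmt[i] != '\0'; i++) {
        if (fmt[i] != '%')
            continue;
        i++;                                   /* the conversion byte */
        unsigned char c = (unsigned char)fmt[i];
        if ((size_t)c >= sizeof ok || !ok[c])  /* patched form of the test */
            return (long)i;
    }
    return -1;
}

int main(void)
{
    /* Constructed inputs: a benign specification, the "%\x80" case from
       the thread, and a trailing '%' with no conversion byte at all. */
    const char *inputs[] = { "%d items, %s", "%\x80", "abc%" };
    for (size_t k = 0; k < sizeof inputs / sizeof inputs[0]; k++) {
        long off = first_bad_conversion(inputs[k]);
        if (off < 0)
            printf("accepted\n");
        else
            printf("rejected at offset %ld (byte 0x%02x)\n",
                   off, (unsigned char)inputs[k][off]);
    }

    /* The off-by-one itself: the old test admits index 128 into a
       128-element table, the new one does not. */
    printf("old test admits ok[%zu]: %d\n", sizeof ok,
           index_admitted_buggy(sizeof ok, sizeof ok));
    printf("new test admits ok[%zu]: %d\n", sizeof ok,
           index_admitted(sizeof ok, sizeof ok));
    return 0;
}
```

The validator only ever touches `ok[c]` after the bound test has passed, which is the order the short-circuit `||` in the patch relies on; the two `index_admitted` variants isolate the single comparison so the boundary value `sizeof ok` can be checked on its own.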
