delete ARGV

Question

delete ARGV

realchonk opened this issue 7 months ago · 6 comments

Example

$ awk 'BEGIN { delete ARGV; } { print; }' a b c
Segmentation fault (core dumped)

Environment

OS: OpenBSD/amd64 7.5
Version: both the current git and the one in base

Answer 1 · 2024-05-01T19:23:41.000Z

I can take a look at this over the weekend.

Answer 2 · 2024-05-01T19:51:37.000Z

This is a basic use-after-free bug, easy to reproduce under valgrind. The ARGV symbol table is freed by awkdelete() but the ARGVtab global still has the old (now freed) value. I would expect ENVIRON to have a similar issue. Adding checks for ARGVtab and ENVtab in awkdelete() would work around the issue but maybe there is a more elegant solution.

Actually, ENVtab is not an issue as it is only used in envinit() and doesn't actually need to be global.

Answer 3 · 2024-05-01T20:04:02.000Z

thanks @riscygeek for the report. I'm amazed we never spotted this before.

Answer 4 · 2024-05-01T20:41:28.000Z

Keeping a pointer to the Cell containing ARGV instead of the table itself avoids the problem.

Answer 5 · 2024-05-01T23:16:04.000Z

thanks @riscygeek for the report. I'm amazed we never spotted this before.

I found this while trying to create something like this:

#!/bin/sh
# Can't do "#!/usr/bin/env awk -f", because POSIX doesn't specify what happens,
# if I have more than one argument in the shebang \
exec awk -f "$0" "$@"

BEGIN {
	for (i = 1; i < ARGC; ++i)
		print ARGV[i];
	delete ARGV;
}

Just out of curiosity, do you know if POSIX specifies what happens, if you delete ARGV?
GNU Awk just assumes, that no arguments were given.

Answer 6 · 2024-05-04T18:18:24.000Z

todd's changes were pulled.