diff options
| author | Greg Hudson <ghudson@mit.edu> | 2024-05-21 19:10:50 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2024-05-28 16:34:49 -0400 |
| commit | e85e30234f0e0e250a00e5f3468bb7311a7d3fb2 (patch) | |
| tree | b496022ec9d9587169dba90fec1599c675e7fff1 | |
| parent | c3dccd348e3c557cbc34b3be0cbc13aff1bfa144 (diff) | |
| download | krb5-e85e30234f0e0e250a00e5f3468bb7311a7d3fb2.zip krb5-e85e30234f0e0e250a00e5f3468bb7311a7d3fb2.tar.gz krb5-e85e30234f0e0e250a00e5f3468bb7311a7d3fb2.tar.bz2 | |
Fix recently-introduced profile parsing bugs
When parsing a "}", do not ascend to the parent node if we are still
within a discarded section after decrementing group_level, as we did
not descend into a child node at the beginning of the subsection.
(Discovered by OSS-Fuzz.)
Also adjust the level check to take into account the shifted meaning
of state->group_level, so that we properly reject a "}" within a
top-level section.
Both bugs were introduced in commit
f951625e6bd3ff44f1056958b56e35a1a043e362.
| -rw-r--r-- | src/util/profile/final6.ini | 7 | ||||
| -rw-r--r-- | src/util/profile/prof_parse.c | 14 |
2 files changed, 16 insertions, 5 deletions
diff --git a/src/util/profile/final6.ini b/src/util/profile/final6.ini index c1e44b7..0035c47 100644 --- a/src/util/profile/final6.ini +++ b/src/util/profile/final6.ini @@ -25,6 +25,13 @@ bb = { bba = 2 } + # Regression test for a bug where each subsection within a + # discarded section caused the parser to ascend into the + # parent node without descending into a child node first. + bb = { + } + bb = { + } [c] ca* = { diff --git a/src/util/profile/prof_parse.c b/src/util/profile/prof_parse.c index c581fb7..2e329de 100644 --- a/src/util/profile/prof_parse.c +++ b/src/util/profile/prof_parse.c @@ -124,18 +124,22 @@ static errcode_t parse_std_line(char *line, struct parse_state *state) return 0; } if (ch == '}') { - if (state->group_level == 0) + if (state->group_level < 2) return PROF_EXTRA_CBRACE; if (*(cp+1) == '*') profile_make_node_final(state->current_section); - retval = profile_get_node_parent(state->current_section, - &state->current_section); - if (retval) - return retval; state->group_level--; /* Check if we are done discarding values from a subsection. */ if (state->group_level < state->discard) state->discard = 0; + /* Ascend to the current node's parent, unless the subsection we ended + * was discarded (in which case we never descended). */ + if (!state->discard) { + retval = profile_get_node_parent(state->current_section, + &state->current_section); + if (retval) + return retval; + } return 0; } /* |