bug-gnu-utils

Bug w/ gawk stat extension


From: Glenn Zazulia
Subject: Bug w/ gawk stat extension
Date: Fri, 17 Jun 2005 14:35:13 -0600 (MDT)

Hello,

I noticed a bug with the readlink() call in extension/filefuncs.c when
stat()ing a symlink.  Notice that the code does not check the return
value. When readlink() fails, the return value is set to -1, of course,
and that value is used as an array offset a few lines later, corrupting
the stack and ultimately causing a SEGV abort.

Example filesystem symlinks that cause readlink() to fail can be found
in the /proc filesystem on Linux systems (at least on the various RedHat
versions that I've tested, such as 8 & 9).  In particular, look for the
low-numbered kernel processes, such as /proc/10/exe.

Since this bug occurs just in the sample extension code, it's probably
not considered especially serious, but I thought I'd report it anyway.
Please see below for a sample patch...

Glenn Zazulia
address@hidden

--

--- filefuncs.c 2004-06-21 08:05:51.000000000 -0600
+++ filefuncs.new.c     2005-06-17 14:23:39.000000000 -0600
@@ -260,14 +260,15 @@
                char buf[BUFSIZ*2];
                int linksize;
 
-               linksize = readlink(file->stptr, buf, sizeof buf);
-               /* should make this smarter */
-               if (linksize == sizeof(buf))
-                       fatal("size of symbolic link too big");
-               buf[linksize] = '\0';
-
-               aptr = assoc_lookup(array, tmp_string("linkval", 7), FALSE);
-               *aptr = make_string(buf, linksize);
+               if ((linksize = readlink(file->stptr, buf, sizeof buf)) >= 0) {
+                   /* should make this smarter */
+                   if (linksize >= sizeof(buf))
+                           fatal("size of symbolic link too big");
+                   buf[linksize] = '\0';
+
+                   aptr = assoc_lookup(array, tmp_string("linkval", 7), FALSE);
+                   *aptr = make_string(buf, linksize);
+               }
        }
 
        /* add a type field */
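
Review bot: In the new `if ((linksize = readlink(file->stptr, buf, sizeof buf)) >= 0)` block, a failed readlink() is now skipped silently, so the caller receives a stat array with no "linkval" element and nothing to say why. Consider an else branch that warns with the errno, or at least a comment stating that a missing "linkval" is the intended result for an unreadable link. The inner test `linksize >= sizeof(buf)` compares an int against a size_t and is only correct because the outer `>= 0` guard has already excluded -1; a short comment or an explicit cast would keep that dependency visible if the two checks are ever separated. The "should make this smarter" comment is carried over unchanged, and calling fatal() for an over-long link target is still harsh for an extension function; returning without "linkval" there too would be consistent with the new failure path.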




