fix out of bounds read on error message.

ASAN previously would crash on this new test. The filename passed to error_exit() was not zeroed, and would allow printf to scan into the heap looking for the null terminator.
2026-01-26 06:07:55 +00:00 · 2023-01-10 21:56:43 -08:00 · 2023-01-10 21:56:43 -08:00 · 3309e66071
commit 3309e66071
parent 58b42b2384
2 changed files with 6 additions and 4 deletions
--- a/tests/patch.test
+++ b/tests/patch.test
@ -90,11 +90,13 @@ testing "filter timestamps" "patch > /dev/null && cat bork" \
 testing "quoted name" "patch > /dev/null && cat 'fruit bat'" \
  "hello\n" "" '
 --- /dev/null
-+++ "fruit bat"
+++ "fruit ba\164"
@@ -0,0 +1 @@
 +hello
 '

+testing "bad quote" "patch 2>&1" $'patch: bad "filename\n' "" '--- "filename'
+
 testing "dry run doesn't delete file" \
  "patch --dry-run > /dev/null && [ -e 'fruit bat' ] && echo yes" "yes\n" "" '
 --- "fruit bat"
--- a/toys/posix/patch.c
+++ b/toys/posix/patch.c
@ -279,13 +279,13 @@ done:
 // read a filename that has been quoted or escaped
 static char *unquote_file(char *filename)
 {
-  char *s = filename, *t;
+  char *s = filename, *t, *newfile;

  // Return copy of file that wasn't quoted
  if (*s++ != '"' || !*s) return xstrdup(filename);

  // quoted and escaped filenames are larger than the original
-  for (t = filename = xmalloc(strlen(s) + 1); *s != '"'; s++) {
+  for (t = newfile = xmalloc(strlen(s) + 1); *s != '"'; s++) {
    if (!s[1]) error_exit("bad %s", filename);

    // don't accept escape sequences unless the filename is quoted
@ -300,7 +300,7 @@ static char *unquote_file(char *filename)
  }
  *t = 0;

-  return filename;
+  return newfile;
 }

 // Read a patch file and find hunks, opening/creating/deleting files.