From a0e38c16bc7773d0fc62771a9935e079c00899ef Mon Sep 17 00:00:00 2001 From: Tuomas Tynkkynen Date: Sun, 25 Feb 2018 23:51:47 +0200 Subject: libexpr: Recognize newline in more places in lexer Flex's regexes have an annoying feature: the dot matches everything except a newline. This causes problems for expressions like: "${0}\ " where the backslash-newline combination matches this rule instead of the intended one mentioned in the comment: \$|\\|\$\\ { /* This can only occur when we reach EOF, otherwise the above (...|\$[^\{\"\\]|\\.|\$\\.)+ would have triggered. This is technically invalid, but we leave the problem to the parser who fails with exact location. */ return STR; } However, the parser actually accepts the resulting token sequence ('"' DOLLAR_CURLY 0 '}' STR '"'), which is a problem because the lexer rule didn't assign anything to yylval. Ultimately this leads to a crash when dereferencing a NULL pointer in ExprConcatStrings::bindVars(). The fix does change the syntax of the language in some corner cases but I think it's only turning previously invalid (or crashing) syntax to valid syntax. E.g. "a\ b" and ''a''\ b'' were previously syntax errors but now both result in "a\nb". Found by afl-fuzz. --- tests/lang/eval-okay-backslash-newline-1.exp | 1 + tests/lang/eval-okay-backslash-newline-1.nix | 2 ++ tests/lang/eval-okay-backslash-newline-2.exp | 1 + tests/lang/eval-okay-backslash-newline-2.nix | 2 ++ 4 files changed, 6 insertions(+) create mode 100644 tests/lang/eval-okay-backslash-newline-1.exp create mode 100644 tests/lang/eval-okay-backslash-newline-1.nix create mode 100644 tests/lang/eval-okay-backslash-newline-2.exp create mode 100644 tests/lang/eval-okay-backslash-newline-2.nix (limited to 'tests') diff --git a/tests/lang/eval-okay-backslash-newline-1.exp b/tests/lang/eval-okay-backslash-newline-1.exp new file mode 100644 index 000000000..3e754364c --- /dev/null +++ b/tests/lang/eval-okay-backslash-newline-1.exp @@ -0,0 +1 @@ +"a\nb" diff --git a/tests/lang/eval-okay-backslash-newline-1.nix b/tests/lang/eval-okay-backslash-newline-1.nix new file mode 100644 index 000000000..7fef3dddd --- /dev/null +++ b/tests/lang/eval-okay-backslash-newline-1.nix @@ -0,0 +1,2 @@ +"a\ +b" diff --git a/tests/lang/eval-okay-backslash-newline-2.exp b/tests/lang/eval-okay-backslash-newline-2.exp new file mode 100644 index 000000000..3e754364c --- /dev/null +++ b/tests/lang/eval-okay-backslash-newline-2.exp @@ -0,0 +1 @@ +"a\nb" diff --git a/tests/lang/eval-okay-backslash-newline-2.nix b/tests/lang/eval-okay-backslash-newline-2.nix new file mode 100644 index 000000000..35ddf495c --- /dev/null +++ b/tests/lang/eval-okay-backslash-newline-2.nix @@ -0,0 +1,2 @@ +''a''\ +b'' -- cgit v1.2.3