From: Willy Tarreau
Date: Mon, 23 Jun 2025 16:33:31 +0000 (+0200)
Subject: BUG/MINOR: tools: only reset argument start upon new argument
X-Git-Tag: v3.3-dev2~26
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=68c3eb30135346bf0c0b0a0050326ab262b49134;p=thirdparty%2Fhaproxy.git

BUG/MINOR: tools: only reset argument start upon new argument

In issue #2995, Thomas Kjaer reported that empty argument position reporting had been broken yet again. This time it was broken by this latest fix: 2b60e54fb1 ("BUG/MINOR: tools: improve parse_line()'s robustness against empty args"). It turns out that this fix is not the culprit and it's in fact correct. The culprit was the original commit of this series, 7e4a2f39ef ("BUG/MINOR: tools: do not create an empty arg from trailing spaces"), which used to reset arg_start to outpos for every new char in addition to doing it for every arg. This resulted in the end of the line to be seen as always being in error, thus reporting an incorrect position that the caller would correct in a generic way designating the beginning of the line. It didn't reveal prior to the upper fix above because the misassigned value was almost not used by then.

Assigning the value before entering the loop fixes this problem and doesn't break the series of previous oss-fuzz reproducers. Hopefully it's the last one again.

This must be backported to 3.2. Thanks to @tkjaer for reporting the issue along with a reproducer.

---
diff --git a/src/tools.c b/src/tools.c index aee750b41..731d8f93c 100644 --- a/src/tools.c +++ b/src/tools.c @@ -6198,9 +6198,9 @@ uint32_t parse_line(char *in, char *out, size_t *outlen, char **args, int *nbarg if (arg < argsmax) args[arg] = out; + arg_start = outpos; while (1) { prev_in_arg = in_arg; - arg_start = outpos; curr_in = in; if (*in >= '-' && *in != '\\') {
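Review bot: the added `arg_start = outpos;` ahead of `while (1)` has no comment saying why it must stay outside the loop body, and the commit message describes this as the third fix in a series where the position of that assignment decided whether the empty-argument offset was reported correctly. A one-line comment above it, stating that arg_start marks the output offset where the current argument begins and must only change when a new argument starts, would make a later refactor less likely to move it back next to `prev_in_arg = in_arg;`. The visible context shows only this initial assignment after `args[arg] = out;`, so it is worth confirming that the code path which opens each subsequent argument still updates arg_start, since the subject line promises a reset "upon new argument" and the hunk removes the only reset shown here. Because the message mentions a reproducer from issue #2995 and earlier oss-fuzz reproducers, adding the #2995 case as a regression test alongside this change would keep the reported position from breaking silently again.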