The reporting of the empty arg location added with commit
08d3caf30
("MINOR: cfgparse: visually show the input line on empty args") falls
victim of a special case detected by OSS Fuzz:
https://issues.oss-fuzz.com/issues/
415850462
In short, making an argument start with "\x00" doesn't make it empty for
the parser, but still emits an empty string which is detected and
displayed. Unfortunately in this case the error pointer is not set so
the sanitization function crashes.
What we're doing in this case is that we fall back to the position of
the output argument as an estimate of where it was located in the input.
It's clearly inexact (quoting etc) but will still help the user locate
the problem.
No backport is needed unless the commit above is backported.
while (1) {
uint32_t err;
- const char *errptr;
+ const char *errptr = NULL;
int check_arg;
arg = sizeof(args) / sizeof(*args);
for (check_arg = 0; check_arg < arg; check_arg++) {
if (!*args[check_arg]) {
- /* if an empty arg was found, its pointer is in <errptr> */
size_t newpos;
+ /* if an empty arg was found, its pointer should be in <errptr>, except
+ * for rare cases such as '\x00' etc. We need to check errptr in any case
+ * and if it's not set, we'll fall back to args's position in the output
+ * string instead (less accurate but still useful).
+ */
+ if (!errptr)
+ errptr = args[check_arg] - outline + line;
+
/* sanitize input line in-place */
newpos = sanitize_for_printing(line, errptr - line, 80);
ha_warning("parsing [%s:%d]: argument number %d at position %d is empty and marks the end of the "
projects / thirdparty / haproxy.git / commitdiff
