Bug in awk substring routine dumps core

Ken Reek kar at ritcv.UUCP
Fri Mar 30 07:29:13 AEST 1984


There is a bug in the substring routine in awk that can cause it to fail with
a memory fault.  Briefly, the problem stems from keeping a pointer to a string
and using the pointer after the memory containing it has been freed.  Using
the pointer later may corrupt malloc's storage arena, which eventually causes
the failure.  The awk program I had that failed is too long to include here;
if anyone is interested, drop me a note.

To fix the problem, change "run.c" as shown below.  The line numbers may be
off a little, as I've changed many of the declarations to use registers.


***255,262 (originally)
obj substr(a, nnn) node **a;
{
	char *s, temp;
	obj x;
	int k, m, n;

	x = execute(a[0]);
	s = getsval(x.optr);

---255,262 (corrected)
obj substr(a, nnn) node **a;
{
	char *s, temp;
!	obj x, y;
	int k, m, n;

!	y = execute(a[0]);
!	s = getsval(y.optr);
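Review bot: `s` now aliases the string owned by `y`, so every later use of `s`, including the `s[n+m-1] = temp` restore, has to happen before `y` is released; a one-line comment beside `s = getsval(y.optr);` saying that `y` is deliberately kept live until the end of the routine would stop the next reader from "tidying" it back into an early `tempfree`. Note also that the `!` marker sits only on the corrected side of `obj x, y;` while the original side shows `obj x;` unmarked, so both declaration lines differ and must be changed together when applying this by hand.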


***263,265 (originally)
	k = strlen(s) + 1;
!	tempfree(x);
	x = execute(a[1]);

---263,264 (corrected)
	k = strlen(s) + 1;
	x = execute(a[1]);
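Review bot: deleting `tempfree(x)` here is the right move, since in the corrected version `x` has not been assigned at this point and the only thing the old call could free is the cell whose string `s` still points into; it does mean the first operand's cell now outlives everything up to the final hunk, so any return from `substr` between this line and the end of the routine (none is visible in these hunks) would need its own `tempfree(y)` or the cell leaks.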


***288,289 (originally)
	s[n+m-1] = temp;
	return(x);

---287,289 (corrected)
	s[n+m-1] = temp;
!	tempfree(y);
	return(x);
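Review bot: `tempfree(y)` is placed after `s[n+m-1] = temp`, which is the correct order: the saved byte is written back into `y`'s string before the cell is released, so the free can neither clobber nor be clobbered by the restore. One thing to confirm outside these hunks is that the returned `x` owns its own copy of the substring rather than a pointer into `s`, since `s` is invalid as soon as `tempfree(y)` runs and the caller would otherwise inherit the same dangling pointer this patch removes.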


I've also incorporated changes for a version that uses doubles instead of
floats (called dawk) and a version that uses long integers instead of floats
(called lawk).  The former is useful when greater precision than that offered by
floats is needed; the latter was most useful on our PDP-11/45 which lacked
floating point hardware -- the performance improvement averaged better than
an order of magnitude.  If you're interested, drop me a note.

	Ken Reek, Rochester Institute of Technology
	seismo!rochester!ritcv!kar
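A stand-alone illustration of the failure mode the post describes (pointer into a temporary's string kept across the free of that temporary), added here as example code; it is not part of the original post nor of the awk source. A tiny fixed-size cell pool stands in for awk's temporaries, and `cell_new`, `cell_free`, `execute`, `getsval`, the clamping of `m` and `n`, and the `substr_buggy`/`substr_fixed` names are all assumptions of this example. The pool scribbles a freed slot and reuses it on the next allocation, so the stale pointer reads garbage deterministically instead of depending on what a real malloc happens to do.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Example only: a minimal stand-in for awk's cell/tempfree machinery so the
 * ordering bug in substr() can be reproduced without undefined behaviour.
 * The cell type and the helper names below are hypothetical. */

#define NCELLS 4
#define SLEN 32

typedef struct cell {
    char sval[SLEN];   /* string value of the cell */
    int  live;         /* 1 while allocated, 0 once freed */
} cell;

static cell pool[NCELLS];

/* Allocate the first free slot and copy s into it. Like malloc, a freed slot
 * is handed out again on the next request. Returns NULL when the pool is full. */
static cell *cell_new(const char *s)
{
    for (int i = 0; i < NCELLS; i++) {
        if (!pool[i].live) {
            pool[i].live = 1;
            strncpy(pool[i].sval, s, SLEN - 1);
            pool[i].sval[SLEN - 1] = '\0';
            return &pool[i];
        }
    }
    return NULL;
}

/* Release a cell. The payload is scribbled with '#' so that any pointer still
 * aimed at it visibly reads garbage (a real allocator would reuse the bytes). */
static void cell_free(cell *c)
{
    c->live = 0;
    memset(c->sval, '#', SLEN - 1);
    c->sval[SLEN - 1] = '\0';
}

static char *getsval(cell *c) { return c->sval; }

/* Stand-in for awk's execute(a[i]): every evaluation yields a fresh temporary. */
static cell *execute(const char *operand) { return cell_new(operand); }

/* Number of cells still allocated; lets a caller check that nothing leaked. */
int live_cells(void)
{
    int n = 0;
    for (int i = 0; i < NCELLS; i++) n += pool[i].live;
    return n;
}

/* Clamp m (1-based start) and n (length) into the string of k-1 characters,
 * in the style of awk's substr; this clamping is the example's own. */
static void clamp(int k, int *m, int *n)
{
    if (*m <= 0) *m = 1; else if (*m > k) *m = k;
    if (*n < 0) *n = 0; else if (*n > k - *m) *n = k - *m;
}

/* The bug as reported: s aliases x's string, x is freed and its slot reused,
 * and s is then read and written. Copies the result into out, returns its length. */
int substr_buggy(const char *str, const char *mstr, const char *nstr, char *out)
{
    cell *x; char *s, temp; int k, m, n;

    x = execute(str);
    s = getsval(x);
    k = strlen(s) + 1;
    cell_free(x);                    /* frees the memory s still points to */
    x = execute(mstr);               /* reuses the slot s points into */
    m = atoi(getsval(x));
    cell_free(x);
    x = execute(nstr);
    n = atoi(getsval(x));
    cell_free(x);
    clamp(k, &m, &n);
    temp = s[n + m - 1];             /* reads and writes a dead cell */
    s[n + m - 1] = '\0';
    strcpy(out, s + m - 1);
    s[n + m - 1] = temp;
    return (int)strlen(out);
}

/* The corrected ordering from the post: the first operand lives in y and is
 * released only after the last use of s. */
int substr_fixed(const char *str, const char *mstr, const char *nstr, char *out)
{
    cell *x, *y; char *s, temp; int k, m, n;

    y = execute(str);
    s = getsval(y);                  /* valid until cell_free(y) below */
    k = strlen(s) + 1;
    x = execute(mstr);
    m = atoi(getsval(x));
    cell_free(x);
    x = execute(nstr);
    n = atoi(getsval(x));
    cell_free(x);
    clamp(k, &m, &n);
    temp = s[n + m - 1];
    s[n + m - 1] = '\0';
    strcpy(out, s + m - 1);
    s[n + m - 1] = temp;             /* restore before releasing y */
    cell_free(y);
    return (int)strlen(out);
}

int main(void)
{
    char out[SLEN];
    substr_buggy("hello", "2", "3", out);
    printf("buggy: \"%s\"\n", out);  /* garbage from the reused slot */
    substr_fixed("hello", "2", "3", out);
    printf("fixed: \"%s\"\n", out);  /* "ell" */
    return 0;
}
```

The buggy version does not crash here because the pool never hands memory back to the system; with a real malloc the same stale read and the `s[n+m-1]` writes land in whatever reused that block, which is the arena corruption the post describes.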



More information about the Net.bugs mailing list