diff options
| author | Jim Meyering <meyering@redhat.com> | 2008-03-27 12:18:25 +0100 |
|---|---|---|
| committer | Jim Meyering <meyering@redhat.com> | 2008-03-27 13:32:38 +0100 |
| commit | b58a8b4ef588ec8a365b920d12e27fdd71aa48d1 (patch) | |
| tree | 319fa5c7f3b3636f953271dca93f9a9b29c0b124 /NEWS | |
| parent | 6743f8113658189cdc3d169616569e733403ee54 (diff) | |
| download | coreutils-b58a8b4ef588ec8a365b920d12e27fdd71aa48d1.tar.xz | |
paste -d\\: avoid heap overrun for backslash at end of delim list
* src/paste.c: Include "quotearg.h".
(collapse_escapes): Handle backslash-escaped backslash explicitly.
Handle unescaped backslash at end of string by returning nonzero,
rather than by overrunning memory.
(main): Diagnose an invalid delimiter list -- carefully.
Reported by Cristian Cadar, Daniel Dunbar and Dawson Engler.
* tests/misc/paste-no-nl (delim-bs): Add a test to demonstrate the
heap-smashing capability.
(delim-bs2): Prior to coreutils-5.1.2, this bug was a little harder
to demonstrate: it would corrupt a first-argument containing e.g., \b
* NEWS: Mention the bug fix.
* tests/misc/Makefile.am (TESTS): Reflect renaming.
* tests/misc/paste: Rename from paste-no-nl.
Signed-off-by: Jim Meyering <meyering@redhat.com>
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -18,6 +18,9 @@ GNU coreutils NEWS -*- outline -*- when the destination had two or more hard links. It no longer does that. [bug introduced in coreutils-5.3.0] + "paste -d'\' file" no longer overruns memory (heap since coreutils-5.1.2, + stack before then) [bug present in the original version, in 1992] + "ptx -F'\' long-file-name" would overrun a malloc'd buffer and corrupt the heap. That was triggered by a lone backslash (or odd number of them) at the end of the option argument to --flag-truncation=STRING (-F), |