diff options
author | Jim Meyering <meyering@redhat.com> | 2008-04-19 12:48:10 +0200 |
---|---|---|
committer | Jim Meyering <meyering@redhat.com> | 2008-04-19 13:34:38 +0200 |
commit | 6856089f7bfaca2709b303f01dae001a30930b61 (patch) | |
tree | 8d5758ffb85f9a806736a4e7cc44f4a0827423a5 /NEWS | |
parent | 7e1075dd747420ec96d34d5bc289f7137abc80c7 (diff) | |
download | coreutils-6856089f7bfaca2709b303f01dae001a30930b61.tar.xz |
pr -e, with a mix of backspaces and TABs, could corrupt the heap
* tests/pr/Test.pm: New tests for the above.
* src/pr.c (char_to_clump): Ensure that "input_position" never
goes below 0.
Also, elide any backspace encountered when input_position is 0,
to be compatible at least with /bin/pr from Solaris 10.
This bug is present in the original version:
b25038ce9a234ea0906ddcbd8a0012e917e6c661
* NEWS [Bug fixes]: Mention this.
Report and diagnosis by Cristian Cadar, Daniel Dunbar and Dawson Engler
in http://thread.gmane.org/gmane.comp.gnu.coreutils.bugs/13272
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -42,6 +42,9 @@ GNU coreutils NEWS -*- outline -*- "paste -d'\' file" no longer overruns memory (heap since coreutils-5.1.2, stack before then) [bug present in the original version, in 1992] + "pr -e" with a mix of backspaces and TABs no longer corrupts the heap + [bug present in the original version, in 1992] + "ptx -F'\' long-file-name" would overrun a malloc'd buffer and corrupt the heap. That was triggered by a lone backslash (or odd number of them) at the end of the option argument to --flag-truncation=STRING (-F), |