diff options
| author | Pádraig Brady <P@draigBrady.com> | 2016-11-25 13:46:23 +0000 |
|---|---|---|
| committer | Pádraig Brady <P@draigBrady.com> | 2016-11-25 14:08:42 +0000 |
| commit | d91aeef0527bf8ec0f83c3c3b69f3979c0b4c4a0 (patch) | |
| tree | 6b5fcdf4b81388ba9bf853484c6ab00231b2539a /NEWS | |
| parent | ca99c524e828cc1a1cfeff3cdfc5349f87143829 (diff) | |
| download | coreutils-d91aeef0527bf8ec0f83c3c3b69f3979c0b4c4a0.tar.xz | |
pr: fix read from invalid memory with tabs in separator
This was detected with:
echo a > a; pr "-S$(printf "\t\t\t")" a -m a > /dev/null
Resulting in ASAN triggering:
====================================================
ERROR: AddressSanitizer: global-buffer-overflow
READ of size 1 at 0x00000041b622 thread T0
#0 0x40506a in print_sep_string ../src/pr.c:2241
#1 0x407ec4 in read_line ../src/pr.c:2493
#2 0x40985c in print_page ../src/pr.c:1802
#3 0x40985c in print_files ../src/pr.c:1618
#4 0x4036e0 in main ../src/pr.c:1136
* src/pr.c (init_parameters): Ensure we only override the
specified separator when it's a single tab, thus matching
the calculated separator length.
* tests/pr/pr-tests.pl: Add a test case.
* NEWS: Mention the fix.
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -35,6 +35,10 @@ GNU coreutils NEWS -*- outline -*- nl now resets numbering for each page section rather than just for each page. [This bug was present in "the beginning".] + pr now handles specified separator strings containing tabs correctly. + Previously it would have output random data from memory. + [This bug was detected with ASAN and present in "the beginning".] + sort -h -k now works even in locales that use blank as thousands separator. stty --help no longer outputs extraneous gettext header lines |