printf: fix an out-of-bounds memory access

* src/printf.c (STRTOX): Don't access memory after a string containing a single quote character. * tests/misc/printf: Add tests for various combinations of single quote characters combined with a numeric format. * THANKS.in: Add bug reporter. * NEWS: Mention the fix. Reported-by: Paul Marinescu <paul.marinescu@imperial.ac.uk>
author: Pádraig Brady <P@draigBrady.com> 2011-05-18 00:01:55 +0100
committer: Pádraig Brady <P@draigBrady.com> 2011-05-18 07:33:04 +0100
commit: beaa94931345271fd288480d7ea952f9551ef991 (patch)
tree: 8ba8a455a5ed0d95d310f40ae48569c847404f3d /src/printf.c
parent: 50ca38e523b5434fd6d7b98ed87a310179e9967a (diff)
download: coreutils-beaa94931345271fd288480d7ea952f9551ef991.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/printf.c b/src/printf.c
index e05947c75..24070b892 100644
--- a/src/printf.c
+++ b/src/printf.c
@@ -160,7 +160,7 @@ FUNC_NAME (char const *s)						 \
   char *end;								 \
   TYPE val;								 \
                                                                          \
-  if (*s == '\"' || *s == '\'')						 \
+  if ((*s == '\"' || *s == '\'') && *(s + 1))				 \
     {									 \
       unsigned char ch = *++s;						 \
       val = ch;								 \
author	Pádraig Brady <P@draigBrady.com>	2011-05-18 00:01:55 +0100
committer	Pádraig Brady <P@draigBrady.com>	2011-05-18 07:33:04 +0100
commit	beaa94931345271fd288480d7ea952f9551ef991 (patch)
tree	8ba8a455a5ed0d95d310f40ae48569c847404f3d /src/printf.c
parent	50ca38e523b5434fd6d7b98ed87a310179e9967a (diff)
download	coreutils-beaa94931345271fd288480d7ea952f9551ef991.tar.xz