author | Jim Meyering <meyering@redhat.com> | 2008-03-21 10:37:26 +0100 |
---|---|---|
committer | Jim Meyering <meyering@redhat.com> | 2008-03-21 20:58:15 +0100 |
commit | a0851554bd52038ed47e46ee521ce74a5a09f747 (patch) | |
tree | 624025f9d2b1e17429bd4934da21942dab3b3039 /tests/misc/ptx-overrun | |
parent | 4f812540a26ad98b52fac71e54049253359caf19 (diff) | |
download | coreutils-a0851554bd52038ed47e46ee521ce74a5a09f747.tar.xz |
ptx: avoid heap overrun for backslash at end of optarg string
* src/ptx.c (copy_unescaped_string): Ignore a lone backslash
at end of string. Reported by Cristian Cadar, Daniel Dunbar
and Dawson Engler. Details here:
<http://thread.gmane.org/gmane.comp.gnu.coreutils.bugs/13005>.
* tests/misc/Makefile.am (TESTS): Add ptx-overrun.
* tests/misc/ptx-overrun: New file. Test for the above fix.
* NEWS: Mention the fix.
Signed-off-by: Jim Meyering <meyering@redhat.com>
Diffstat (limited to 'tests/misc/ptx-overrun')
-rwxr-xr-x | tests/misc/ptx-overrun | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/tests/misc/ptx-overrun b/tests/misc/ptx-overrun new file mode 100755 index 000000000..beadf7f1a --- /dev/null +++ b/tests/misc/ptx-overrun @@ -0,0 +1,40 @@ +#!/bin/sh +# Trigger a heap-clobbering bug in ptx from coreutils-6.10 and earlier. + +# Copyright (C) 2008 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +if test "$VERBOSE" = yes; then + set -x + ptx --version +fi + +. $srcdir/../test-lib.sh + +# Using a long file name makes an abort more likely. +# Even with no file name, valgrind detects the buffer overrun. +f=01234567890123456789012345678901234567890123456789 +touch $f empty || framework_failure + +fail=0 + +# Specifying a regular expression ending in a lone backslash +# would cause ptx to write beyond the end of a malloc'd buffer. +ptx -F '\' $f < /dev/null > out || fail=1 +ptx -S 'foo\' $f < /dev/null >> out || fail=1 +ptx -W 'bar\\\' $f < /dev/null >> out || fail=1 +compare out empty || fail=1 + +(exit $fail); exit $fail |
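Review bot: The three ptx invocations at the end of the script (`ptx -F '\'`, `ptx -S 'foo\'`, `ptx -W 'bar\\\'`) fail the test only when ptx exits non-zero or when `compare out empty` sees output, so a build that still writes past the malloc'd buffer can pass whenever the stray write does not happen to trigger an abort. The script's own comments concede this: the long file name only "makes an abort more likely", and valgrind is named as what detects the overrun even with no file name. Consider running these three commands under a memory checker when one is available in the test environment (valgrind, or an allocator-checking setting such as glibc's MALLOC_CHECK_) and skipping or falling back otherwise, so the regression is caught deterministically rather than by luck of heap layout. A smaller style point in the same hunk: `. $srcdir/../test-lib.sh` leaves $srcdir unquoted, which breaks when the source directory path contains whitespace; quoting it as "$srcdir/../test-lib.sh" avoids that.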