From a0851554bd52038ed47e46ee521ce74a5a09f747 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Fri, 21 Mar 2008 10:37:26 +0100
Subject: ptx: avoid heap overrun for backslash at end of optarg string

* src/ptx.c (copy_unescaped_string): Ignore a lone backslash
at end of string.  Reported by Cristian Cadar, Daniel Dunbar
and Dawson Engler.  Details here:
<http://thread.gmane.org/gmane.comp.gnu.coreutils.bugs/13005>.
* tests/misc/Makefile.am (TESTS): Add ptx-overrun.
* tests/misc/ptx-overrun: New file.  Test for the above fix.
* NEWS: Mention the fix.

Signed-off-by: Jim Meyering <meyering@redhat.com>
---
 NEWS | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index 343366823..43d80ca1d 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,11 @@ GNU coreutils NEWS                                    -*- outline -*-
   when the destination had two or more hard links.  It no longer does that.
   [bug introduced in coreutils-5.3.0]
 
+  "ptx -F'\' long-file-name" would overrun a malloc'd buffer and corrupt
+  the heap.  That was triggered by a lone backslash (or odd number of them)
+  at the end of the option argument to --flag-truncation=STRING (-F),
+  --word-regexp=REGEXP (-W), or --sentence-regexp=REGEXP (-S).
+
   "rmdir --ignore-fail-on-non-empty" detects and ignores the failure
   in more cases when a directory is empty.
 
-- 
cgit v1.2.3-70-g09d2