From a0851554bd52038ed47e46ee521ce74a5a09f747 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Fri, 21 Mar 2008 10:37:26 +0100
Subject: ptx: avoid heap overrun for backslash at end of optarg string

* src/ptx.c (copy_unescaped_string): Ignore a lone backslash
at end of string.  Reported by Cristian Cadar, Daniel Dunbar
and Dawson Engler.  Details here:
<http://thread.gmane.org/gmane.comp.gnu.coreutils.bugs/13005>.
* tests/misc/Makefile.am (TESTS): Add ptx-overrun.
* tests/misc/ptx-overrun: New file.  Test for the above fix.
* NEWS: Mention the fix.

Signed-off-by: Jim Meyering <meyering@redhat.com>
---
 src/ptx.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src')

diff --git a/src/ptx.c b/src/ptx.c
index dafcbe22a..8f7ae95a4 100644
--- a/src/ptx.c
+++ b/src/ptx.c
@@ -388,6 +388,10 @@ copy_unescaped_string (const char *string)
 	      string++;
 	      break;
 
+	    case '\0':		/* lone backslash at end of string */
+	      /* ignore it */
+	      break;
+
 	    default:
 	      *cursor++ = '\\';
 	      *cursor++ = *string++;
-- 
cgit v1.2.3-70-g09d2