From a0851554bd52038ed47e46ee521ce74a5a09f747 Mon Sep 17 00:00:00 2001 From: Jim Meyering Date: Fri, 21 Mar 2008 10:37:26 +0100 Subject: ptx: avoid heap overrun for backslash at end of optarg string * src/ptx.c (copy_unescaped_string): Ignore a lone backslash at end of string. Reported by Cristian Cadar, Daniel Dunbar and Dawson Engler. Details here: . * tests/misc/Makefile.am (TESTS): Add ptx-overrun. * tests/misc/ptx-overrun: New file. Test for the above fix. * NEWS: Mention the fix. Signed-off-by: Jim Meyering
---
tests/misc/Makefile.am | 3 ++- tests/misc/ptx-overrun | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100755 tests/misc/ptx-overrun (limited to 'tests/misc')
diff --git a/tests/misc/Makefile.am b/tests/misc/Makefile.am
index 2be132f30..f3ed13209 100644
--- a/tests/misc/Makefile.am
+++ b/tests/misc/Makefile.am
@@ -1,6 +1,6 @@
 # Make miscellaneous coreutils tests. -*-Makefile-*-
-# Copyright (C) 2001-2007 Free Software Foundation, Inc.
+# Copyright (C) 2001-2008 Free Software Foundation, Inc.
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -38,6 +38,7 @@ TESTS = \
 ls-time \
 ls-misc \
 date \
+ ptx-overrun \
 xstrtol \
 od \
 mktemp \
diff --git a/tests/misc/ptx-overrun b/tests/misc/ptx-overrun
new file mode 100755
index 000000000..beadf7f1a
--- /dev/null
+++ b/tests/misc/ptx-overrun
@@ -0,0 +1,40 @@
+#!/bin/sh
+# Trigger a heap-clobbering bug in ptx from coreutils-6.10 and earlier.
+
+# Copyright (C) 2008 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+if test "$VERBOSE" = yes; then
+ set -x
+ ptx --version
+fi
+
+. $srcdir/../test-lib.sh
+
+# Using a long file name makes an abort more likely.
+# Even with no file name, valgrind detects the buffer overrun.
+f=01234567890123456789012345678901234567890123456789
+touch $f empty || framework_failure
+
+fail=0
+
+# Specifying a regular expression ending in a lone backslash
+# would cause ptx to write beyond the end of a malloc'd buffer.
+ptx -F '\' $f < /dev/null > out || fail=1
+ptx -S 'foo\' $f < /dev/null >> out || fail=1
+ptx -W 'bar\\\' $f < /dev/null >> out || fail=1
+compare out empty || fail=1
+
+(exit $fail); exit $fail
-- cgit v1.2.3-70-g09d2
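Review bot: The three `ptx` invocations fail only if the overrun corrupts the heap badly enough for ptx to abort or print something, so an unfixed binary can still pass this test. The script's own comments say the long file name merely makes an abort "more likely" and that valgrind is what detects the overrun. I would state that limit next to the invocations, e.g. `# Without valgrind or a sanitizer build, an unfixed ptx may still exit 0 here.`, so a green run is not read as proof that the write stays in bounds. Separately, `. $srcdir/../test-lib.sh` is unquoted and breaks when the source tree path contains whitespace; `. "$srcdir/../test-lib.sh"` avoids that.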