### Bug overview
shuf -er or shuf -eer [ segment fault]
impact [coreutils 8.22 ]
```
[15:03:59]xqx@server:~/data/xqx/projects/coreutils-8.22$ ./obj-gcov/src/shuf -er
Segmentation fault (core dumped)
```
### Analysis
when shuf execute -e without give the expected input lines, it will assign n_lines to 0 in "write_random_lines" while the "repeat" (-r) be set. and this var will be as the genmax parameter when "randint_genmax" function called. the code as follows in shuf.c:
```
369 for (i = 0; i < count; i++)
370 {
371 const randint j = randint_choose (s, n_lines);
372 char *const *p = lines + j;
373 size_t len = p[1] - p[0];
374 if (fwrite (p[0], sizeof *p[0], len, stdout) != len)
375 return -1;
376 }
377
```
'j' will be a random number between 0-0xffffffffffffffff in my 64bit ubuntu, and 'p' will be a unexpected point which will be access next. when p point to an ilegal memory, it will be error when access it, which may be result in a Segmentation fault.
if an attacker could control the random which gened by randint_choose, it may be get the infomation without an legal authority. However, It may be difficult.
yours
xqx