GNU bug report logs - #16171
ptx: heap buffer overrun, when run with two file arguments


Package: coreutils

Reported by: Jim Meyering <jim <at> meyering.net>

Date: Tue, 17 Dec 2013 02:24:02 UTC

Severity: normal

Done: Pádraig Brady <P <at> draigBrady.com>

Bug is archived. No further changes may be made.


From: Pádraig Brady <P <at> draigBrady.com>
To: Bernhard Voelker <mail <at> bernhard-voelker.de>
Cc: 16171 <at> debbugs.gnu.org, jim <at> meyering.net
Subject: bug#16171: ptx: heap buffer overrun, when run with two file arguments
Date: Mon, 28 Apr 2014 22:36:20 +0100

On 04/28/2014 10:01 PM, Bernhard Voelker wrote:
> On 04/28/2014 03:52 PM, Pádraig Brady wrote:
>> diff --git a/tests/misc/ptx-overrun.sh b/tests/misc/ptx-overrun.sh
> 
>> +# Trigger an invalid heap reference noticed by gcc -fsanitize=address
>> +# from coreutils-8.22 and earlier.  As well as an invalid memory reference,
>> +# the issue can be seen in the output, with invalid whitespace trimming
>> +# when multiple files are specified.
>> +printf '%s\n' 'This is a ptx whitespace Trimming test' > ws.in
>> +ptx ws.in ws.in | sort | uniq -u > out
>> +compare /dev/null out || fail=1
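
Review bot: On the "ptx ws.in ws.in | sort | uniq -u > out" line, the exit status of ptx is lost in the pipeline, and the passing condition is an empty "out", so a ptx that fails before writing anything would still let "compare /dev/null out" succeed. Consider writing the ptx output to its own file first with "|| fail=1" and then running that file through "sort | uniq -u". The header comment names gcc -fsanitize=address, but the test only checks the output, so it would help to say in the comment that the duplicate-line comparison is what this script relies on.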
> 
> Isn't this a user-visible change, i.e., worth a NEWS entry?

Good point. I'll add a NEWS entry.

> BTW: I noticed that v8.21 produces a different result than v8.22:
> 
>   $ /tmp/cu/coreutils-8.21/src/ptx ws.in ws.in | sort | uniq -u
>       test                               This is a ptx whitespace Trimming
>      test                                This is a ptx whitespace Trimming
>   $ /tmp/cu/coreutils-8.22/src/ptx ws.in ws.in | sort | uniq -u
>           is a ptx whitespace Trimming   test                            This
>           is a ptx whitespace Trimming   test                           This

It's basically undefined behavior when trimming whitespace
depending on values on the heap. So if you look at the full output
it should be largely the same apart from the whitespace.

cheers,
Pádraig.




This bug report was last modified 11 years and 82 days ago.
