GNU bug report logs - #22489
A bug in tail.c

Previous Next

Package: coreutils;

Reported by: Lei Wang <wangcppclei <at> gmail.com>

Date: Fri, 29 Jan 2016 16:41:02 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#22489: closed (A bug in tail.c)
Date: Fri, 29 Jan 2016 18:31:02 +0000

[Message part 1 (text/plain, inline)]
Your message dated Fri, 29 Jan 2016 10:29:57 -0800
with message-id <56ABAFA5.40807 <at> cs.ucla.edu>
and subject line Re: bug#22489: A bug in tail.c
has caused the debbugs.gnu.org bug report #22489,
regarding A bug in tail.c
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
22489: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=22489
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Lei Wang <wangcppclei <at> gmail.com>
To: bug-coreutils <at> gnu.org
Subject: A bug in tail.c
Date: Fri, 29 Jan 2016 20:38:39 +0800

[Message part 3 (text/plain, inline)]
Version: GNU Coreutils 8.20-8.25 ​
File: tail.c
Bug description:
Line 1979,  parse_obsolete_option() function  has three parameters: argc,
argv, n_units.  We only need to focus on argc and argv, which is from the
main() function. Line 1992  filter  the argc and argv. When argc==2,  line
1998 p = argv[1], line 2000 *p++, then *p=argv[1][1], line 2026 while
(ISDIGIT (*p)) access p. There is one condition can lead to program
overflow, thus argc==2 and argv[1] has only one character, for example
./tail x , will access the next character after x, this maybe a bug, but
can not lead program crash.
--WangLei

[Message part 4 (text/html, inline)]
[Message part 5 (message/rfc822, inline)]
From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Lei Wang <wangcppclei <at> gmail.com>, 22489-done <at> debbugs.gnu.org
Subject: Re: bug#22489: A bug in tail.c
Date: Fri, 29 Jan 2016 10:29:57 -0800

On 01/29/2016 04:38 AM, Lei Wang wrote:
> There is one condition can lead to program
> overflow, thus argc==2 and argv[1] has only one character, for example
> ./tail x , will access the next character after x, this maybe a bug

I don't see a bug there. The next character is a null byte, and ISDIGIT 
('\0') is false so the code should do the right thing. I don't think 
there is a test case that illustrates wrong behavior, but if I'm wrong 
please reply with a test case (a shell command invoking 'tail') and I'll 
reopen the bug report.
This bug report was last modified 9 years and 174 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.