GNU bug report logs - #7213
[PATCH] sort: fix buffer overrun on 32-bit hosts when warning re obsolete keys
Reported by: Paul Eggert <eggert <at> cs.ucla.edu>
Date: Thu, 14 Oct 2010 07:10:03 UTC
Severity: normal
Tags: patch
Done: Jim Meyering <jim <at> meyering.net>
Bug is archived. No further changes may be made.
Message #13 received at 7213 <at> debbugs.gnu.org (full text, mbox):
Ah I wasn't aware anytostr put the numbers at the end of the buffer.
That's confirmed by replacing the tmp buffer with one on the heap
and running:
$ valgrind ./src/sort --debug +0 -1 /dev/null
==25943== Memcheck, a memory error detector.
==25943== Invalid write of size 1
==25943== at 0x8051F25: umaxtostr (anytostr.c:34)
==25943== by 0x8050D95: main (sort.c:2336)
==25943== Address 0x4026f64 is 9 bytes after a block of size 11 alloc'd
On 14/10/10 08:12, Paul Eggert wrote:
> * src/sort.c (key_warnings): Local buffer should be of size
> INT_BUFSIZE_BOUND (uintmax_t), not INT_BUFSIZE_BOUND (sword).
> This bug was discovered by running 'make check' on a 32-bit
> Solaris 8 sparc host, using Sun cc.
So the test failed due to buffer overrun side effects?
thanks!
Pádraig.
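
Added example (not part of the original message, and not coreutils or gnulib code): a simplified C model of a formatter that, like the anytostr behaviour described above, places the number at the end of the buffer. It shows why a buffer sized for a 32-bit type gives the "9 bytes after a block of size 11" that valgrind reports, next to a size-checked variant. The macro and function names are hypothetical, uint32_t stands in for the 32-bit field type, and uintmax_t is assumed to be 64 bits wide.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a buffer-size bound for unsigned type t: decimal
   digits (146/485 is just above log10(2)) plus one byte for the NUL. */
#define UBUFSIZE_BOUND(t) (sizeof (t) * CHAR_BIT * 146 / 485 + 1 + 1)

/* A formatter that right-aligns its output writes the NUL first, at the
   last slot of a buffer sized for the widest type. */
static size_t first_write_offset(void)
{
    return UBUFSIZE_BOUND(uintmax_t) - 1;
}

/* Bytes between the end of a bufsize-byte block and that first write,
   counted the way valgrind does; -1 means the write is in bounds. */
static long bytes_past_end(size_t bufsize)
{
    size_t off = first_write_offset();
    return off < bufsize ? -1 : (long) (off - bufsize);
}

/* Same right-aligned layout, but refuses a buffer that is too small.
   Returns a pointer to the first digit, or NULL. */
static char *umax_to_str_checked(uintmax_t v, char *buf, size_t bufsize)
{
    if (bufsize < UBUFSIZE_BOUND(uintmax_t))
        return NULL;
    char *p = buf + first_write_offset();
    *p = '\0';
    do
        *--p = (char) ('0' + v % 10);
    while ((v /= 10) != 0);
    return p;
}

int main(void)
{
    char small[UBUFSIZE_BOUND(uint32_t)];   /* the undersized buffer */
    char big[UBUFSIZE_BOUND(uintmax_t)];    /* the corrected size */
    printf("small=%zu bytes, first write lands %ld bytes after it\n",
           sizeof small, bytes_past_end(sizeof small));
    printf("small accepted: %s\n",
           umax_to_str_checked(1, small, sizeof small) ? "yes" : "no");
    printf("big=%zu bytes, value 1 prints as \"%s\"\n",
           sizeof big, umax_to_str_checked(1, big, sizeof big));
    return 0;
}
```

The overrun does not depend on the value being printed: even a one-digit number triggers it, because the first write is the terminating NUL at the fixed far end of the buffer.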
This bug report was last modified 14 years and 275 days ago.