bug#7993: cut segmentation fault with unbounded ranges

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#7993: cut segmentation fault with unbounded ranges

From:	Paul Marinescu
Subject:	bug#7993: cut segmentation fault with unbounded ranges
Date:	Sun, 06 Feb 2011 18:20:11 +0000
User-agent:	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.12) Gecko/20100826 Thunderbird/3.0.7

In coreutils 8.9 (latest), the following commands trigger an invalid
memory access.

cut -c1234567890- --output-d=: foo
cut -f1234567890- --output-d=: foo
cut -b1234567890- --output-d=: foo

The number 1234567890 is just a random number 'big enough' to make the
invalid access generate a segmentation fault but the invalid access
happens for values as low as 8 (valgrind)

The problem is that ranges going to end of line (i.e., 'x-') are not
taken into account when calculating the size of the printable_field
vector, but their lower bound is used as an index on line 525:

  if (output_delimiter_specified
      && !complement
      && eol_range_start && !is_printable_field (eol_range_start))


Paul

[Prev in Thread]

Current Thread

[Next in Thread]

bug#7993: cut segmentation fault with unbounded ranges, Paul Marinescu <=
- Message not available
  - bug#7993: Acknowledgement (cut segmentation fault with unbounded ranges), Paul Marinescu, 2011/02/07
    - bug#7993: Acknowledgement (cut segmentation fault with unbounded ranges), Jim Meyering, 2011/02/07

Prev by Date: bug#7991: bug in uname (?)
Next by Date: bug#7992: cut segmentation fault with unbounded ranges
Previous by thread: bug#7991: bug in uname (?)
Next by thread: bug#7993: Acknowledgement (cut segmentation fault with unbounded ranges)
Index(es):
- Date
- Thread