coreutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] quotearg: do not read beyond end of buffer


From: Jim Meyering
Subject: Re: [PATCH] quotearg: do not read beyond end of buffer
Date: Mon, 13 May 2013 19:39:00 +0200

Paul Eggert wrote:
> On 05/12/2013 10:14 PM, Jim Meyering wrote:
>> I ran gcc's -fsanitize=address against coreutils, and two
>> sort tests failed due to buffer overruns.  Both arose via
>> a bug in quotearg.c.  Patch below.  Two things remain to do:
>>   1) find when the bug was introduced (before push)
>>   2) address the module-factoring FIXME comment (after)
>>
>> Not sure I'll do #1, but I will get to #2.
>
> Thanks for catching this bug!
>
> For #1, it looks like it was commit c4b7f3f8557b27a729a0065bba401dc629357345:
>
> http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=c4b7f3f8557b27a729a0065bba401dc629357345

Thanks.  Yes, that looks right.  Introduced by me 13 years ago.
I notice that it is the same as this coreutils commit,
c3f357adf56d5d012426948dadf7d4156565ea76 whose "git describe"
output shows this change was included in sh-utils-2.0e.
Thus also in the fileutils and textutils releases of the
same general time.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]