From: "Dr. David Alan Gilbert" <dave@treblig.org>
To: Karel Zak <kzak@redhat.com>
Cc: "Dr. David Alan Gilbert" <dave@treblig.org>,
util-linux@vger.kernel.org, rleigh@debian.org
Subject: Re: [PATCH] get_line fixes for wide characters and overflows
Date: Thu, 1 Aug 2013 13:57:03 +0100 [thread overview]
Message-ID: <20130801125703.GA7815@gallifrey> (raw)
In-Reply-To: <20130801110159.GA2484@x2.net.home>
* Karel Zak (kzak@redhat.com) wrote:
> On Fri, Jul 19, 2013 at 11:35:01PM +0100, Dr. David Alan Gilbert wrote:
> > This is a fix for the bug I reported with 'more' crashing:
> > http://marc.info/?l=util-linux-ng&m=137401887913346&w=2
>
> It seems that bug has been introduced 4 years ago by my commit
> 1ac300932deab8dea2c43050921bbbdb36d62ff1.
>
> The original code used static buffer Line[LINSIZ+2] -- yes, +2 for \n\0.
>
> I have applied the patch below. Please, test it (I'm not able to
> reproduce the problem with the file from Suse bugzilla).
Hi Karel,
Thanks for the reply. I'll give it a go over the weekend,
but I don't think it can handle the wchar problems I described and fixed
in my follow up patch. If a 4byte wchar hapens to land at the end of the buffer
how do you guarantee the space?
Dave
>
> Thanks!
>
> Karel
>
> >From 1ef2db5a5672e09fa1337099b7d9d6ab61c19bdc Mon Sep 17 00:00:00 2001
> From: Karel Zak <kzak@redhat.com>
> Date: Thu, 1 Aug 2013 12:58:22 +0200
> Subject: [PATCH] more: fix buffer overflow
>
> The bug has been probably introduced by commit
> 1ac300932deab8dea2c43050921bbbdb36d62ff1.
>
> Reported-by: "Dr. David Alan Gilbert" <dave@treblig.org>
> References: https://bugzilla.novell.com/show_bug.cgi?id=829720
> Signed-off-by: Karel Zak <kzak@redhat.com>
> ---
> text-utils/more.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/text-utils/more.c b/text-utils/more.c
> index 3bbeede..3377118 100644
> --- a/text-utils/more.c
> +++ b/text-utils/more.c
> @@ -835,7 +835,8 @@ void prepare_line_buffer(void)
> if (nsz < LINSIZ)
> nsz = LINSIZ;
>
> - nline = xrealloc(Line, nsz);
> + /* alloc nsz and extra space for \n\0 */
> + nline = xrealloc(Line, nsz + 2);
> Line = nline;
> LineLen = nsz;
> }
> --
> 1.8.1.4
>
--
-----Open up your eyes, open up your mind, open up your code -------
/ Dr. David Alan Gilbert | Running GNU/Linux | Happy \
\ gro.gilbert @ treblig.org | | In Hex /
\ _________________________|_____ http://www.treblig.org |_______/
next prev parent reply other threads:[~2013-08-01 12:57 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-16 23:20 a repeatable 'more' crash and question about wide char and 'get_line' safety Dr. David Alan Gilbert
2013-07-19 22:35 ` [PATCH] get_line fixes for wide characters and overflows Dr. David Alan Gilbert
2013-08-01 11:01 ` Karel Zak
2013-08-01 12:57 ` Dr. David Alan Gilbert [this message]
2013-08-01 14:04 ` Karel Zak
2013-08-03 12:38 ` Dr. David Alan Gilbert
2013-08-05 8:40 ` Karel Zak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130801125703.GA7815@gallifrey \
--to=dave@treblig.org \
--cc=kzak@redhat.com \
--cc=rleigh@debian.org \
--cc=util-linux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.