From: Karel Zak <kzak@redhat.com>
To: "Dr. David Alan Gilbert" <dave@treblig.org>
Cc: util-linux@vger.kernel.org, rleigh@debian.org
Subject: Re: [PATCH] get_line fixes for wide characters and overflows
Date: Thu, 1 Aug 2013 13:01:59 +0200 [thread overview]
Message-ID: <20130801110159.GA2484@x2.net.home> (raw)
In-Reply-To: <20130719223501.GA13613@gallifrey>
On Fri, Jul 19, 2013 at 11:35:01PM +0100, Dr. David Alan Gilbert wrote:
> This is a fix for the bug I reported with 'more' crashing:
> http://marc.info/?l=util-linux-ng&m=137401887913346&w=2
It seems that bug has been introduced 4 years ago by my commit
1ac300932deab8dea2c43050921bbbdb36d62ff1.
The original code used static buffer Line[LINSIZ+2] -- yes, +2 for \n\0.
I have applied the patch below. Please, test it (I'm not able to
reproduce the problem with the file from Suse bugzilla).
Thanks!
Karel
>From 1ef2db5a5672e09fa1337099b7d9d6ab61c19bdc Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 1 Aug 2013 12:58:22 +0200
Subject: [PATCH] more: fix buffer overflow
The bug has been probably introduced by commit
1ac300932deab8dea2c43050921bbbdb36d62ff1.
Reported-by: "Dr. David Alan Gilbert" <dave@treblig.org>
References: https://bugzilla.novell.com/show_bug.cgi?id=829720
Signed-off-by: Karel Zak <kzak@redhat.com>
---
text-utils/more.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/text-utils/more.c b/text-utils/more.c
index 3bbeede..3377118 100644
--- a/text-utils/more.c
+++ b/text-utils/more.c
@@ -835,7 +835,8 @@ void prepare_line_buffer(void)
if (nsz < LINSIZ)
nsz = LINSIZ;
- nline = xrealloc(Line, nsz);
+ /* alloc nsz and extra space for \n\0 */
+ nline = xrealloc(Line, nsz + 2);
Line = nline;
LineLen = nsz;
}
--
1.8.1.4
next prev parent reply other threads:[~2013-08-01 11:02 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-16 23:20 a repeatable 'more' crash and question about wide char and 'get_line' safety Dr. David Alan Gilbert
2013-07-19 22:35 ` [PATCH] get_line fixes for wide characters and overflows Dr. David Alan Gilbert
2013-08-01 11:01 ` Karel Zak [this message]
2013-08-01 12:57 ` Dr. David Alan Gilbert
2013-08-01 14:04 ` Karel Zak
2013-08-03 12:38 ` Dr. David Alan Gilbert
2013-08-05 8:40 ` Karel Zak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130801110159.GA2484@x2.net.home \
--to=kzak@redhat.com \
--cc=dave@treblig.org \
--cc=rleigh@debian.org \
--cc=util-linux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox