* Karel Zak (kzak@xxxxxxxxxx) wrote:
> On Fri, Jul 19, 2013 at 11:35:01PM +0100, Dr. David Alan Gilbert wrote:
> > This is a fix for the bug I reported with 'more' crashing:
> > http://marc.info/?l=util-linux-ng&m=137401887913346&w=2
>
> It seems that bug has been introduced 4 years ago by my commit
> 1ac300932deab8dea2c43050921bbbdb36d62ff1.
>
> The original code used static buffer Line[LINSIZ+2] -- yes, +2 for \n\0.
>
> I have applied the patch below. Please, test it (I'm not able to
> reproduce the problem with the file from Suse bugzilla).

Hi Karel,
Thanks for the reply. I'll give it a go over the weekend, but
I don't think it can handle the wchar problems I described and fixed
in my follow up patch. If a 4byte wchar happens to land at the end of
the buffer how do you guarantee the space?

Dave

>
> Thanks!
>
> Karel
>
> >From 1ef2db5a5672e09fa1337099b7d9d6ab61c19bdc Mon Sep 17 00:00:00 2001
> From: Karel Zak <kzak@xxxxxxxxxx>
> Date: Thu, 1 Aug 2013 12:58:22 +0200
> Subject: [PATCH] more: fix buffer overflow
>
> The bug has been probably introduced by commit
> 1ac300932deab8dea2c43050921bbbdb36d62ff1.
>
> Reported-by: "Dr. David Alan Gilbert" <dave@xxxxxxxxxxx>
> References: https://bugzilla.novell.com/show_bug.cgi?id=829720
> Signed-off-by: Karel Zak <kzak@xxxxxxxxxx>
> ---
> text-utils/more.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/text-utils/more.c b/text-utils/more.c > index 3bbeede..3377118 100644 > --- a/text-utils/more.c > +++ b/text-utils/more.c
> @@ -835,7 +835,8 @@ void prepare_line_buffer(void) > if (nsz < LINSIZ) > nsz = LINSIZ; > > - nline = xrealloc(Line, nsz); > + /* alloc nsz and extra space for \n\0 */ > + nline = xrealloc(Line, nsz + 2); > Line = nline; > LineLen = nsz; > } > -- > 1.8.1.4 >
--
 -----Open up your eyes, open up your mind, open up your code -------
/ Dr. David Alan Gilbert    |       Running GNU/Linux       | Happy  \
\ gro.gilbert @ treblig.org |                               | In Hex /
 \ _________________________|_____ http://www.treblig.org   |_______/
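Review bot: In the prepare_line_buffer() hunk of the quoted patch, the slack in `xrealloc(Line, nsz + 2)` is a bare literal sized only for the trailing \n\0, while `LineLen = nsz` stays the limit that the rest of the code sees. If any writer starts a multibyte sequence just below LineLen, as the reply above asks, two bytes of slack do not cover it. Suggest replacing the literal with a named constant sized for the widest write that can begin before LineLen (character width plus terminator), or having the writers check the full sequence length against LineLen before copying, and adding a comment where LineLen is declared that the allocation is deliberately larger than LineLen.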
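The question raised in the reply above (a multibyte character landing at the end of the buffer), as an added example that is not code from more.c or from either poster: a hypothetical line buffer that keeps the two-byte slack for `\n\0` and also refuses to start a character whose whole encoding would cross the logical limit. The names `linebuf`, `linebuf_init`, `linebuf_fill`, `utf8_seq_len` and `TAIL` are assumptions of this example, as is the restriction to UTF-8 input.

```c
#include <stdlib.h>
#include <string.h>

#define TAIL 2  /* slack past the logical limit for "\n\0", as in nsz + 2 */

/* Hypothetical stand-in for the Line / LineLen pair. */
struct linebuf { char *data; size_t len, used; };

/* Bytes in the UTF-8 sequence that starts with lead byte b; 0 if not a lead. */
static size_t utf8_seq_len(unsigned char b)
{
    if (b < 0x80) return 1;
    if ((b & 0xE0) == 0xC0) return 2;
    if ((b & 0xF0) == 0xE0) return 3;
    if ((b & 0xF8) == 0xF0) return 4;
    return 0;
}

int linebuf_init(struct linebuf *lb, size_t nsz)
{
    if (nsz > (size_t)-1 - TAIL) return -1;  /* nsz + TAIL must not wrap */
    lb->data = malloc(nsz + TAIL);
    lb->len = nsz;
    lb->used = 0;
    return lb->data ? 0 : -1;
}

/* Copy whole characters from src while they fit below len, then terminate.
 * Returns the number of source bytes consumed. */
size_t linebuf_fill(struct linebuf *lb, const char *src, size_t n)
{
    size_t i = 0;
    while (i < n) {
        size_t w = utf8_seq_len((unsigned char)src[i]);
        if (w == 0) w = 1;                  /* stray byte: copy it alone */
        if (w > n - i) w = n - i;           /* input ends mid-sequence */
        if (w > lb->len - lb->used) break;  /* character would cross the limit */
        memcpy(lb->data + lb->used, src + i, w);
        lb->used += w;
        i += w;
    }
    lb->data[lb->used] = '\n';              /* used <= len, so these two */
    lb->data[lb->used + 1] = '\0';          /* bytes stay inside len + TAIL */
    return i;
}
```

With a limit of 8 and six ASCII bytes already in place, a 4-byte character is left for the next line instead of being written across the limit, while a 2-byte character still fits.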