Anonymous | Login | Signup for a new account | 11-10-2008 12:35 PST |
Main | My View | View Issues | Change Log | Docs |
Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
0004354 | [BusyBox] Other | minor | always | 07-25-08 16:25 | 08-19-08 17:55 | ||||
Reporter | cristic | View Status | public | ||||||
Assigned To | BusyBox | ||||||||
Priority | normal | Resolution | fixed | ||||||
Status | closed | Product Version | svn | ||||||
Summary | 0004354: tr buffer overflow (invalid read) | ||||||||
Description |
Using [ in the set of characters to be translated/squeezed/deleted by tr can cause a buffer overflow. Here is the simplest example: tr [ Or tr -d [, for an example compatible w/ Coreutils. The problem is in the function expand(), file tr.c: tr.c:73 - arg is incremented to point past the end of the buffer holding "[" tr.c:141 - arg, which now points to invalid memory, is dereferenced A much more minor issue is that Busybox accepts tr [, while Coreutils rejects it: $ coreutils/tr [ tr: missing operand after `[' Two strings must be given when translating. Try `tr --help' for more information. |
||||||||
Additional Information | |||||||||
Attached Files | 4.patch [^] (542 bytes) 07-26-08 07:35 | ||||||||
|
Copyright © 2000 - 2006 Mantis Group |