 Relationships |
|
| Anonymous | Login | Signup for a new account | 11-10-2008 12:39 PST |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
| 0004544 | [BusyBox] Other | minor | always | 08-10-08 21:58 | 08-15-08 14:20 | ||||
| Reporter | cristic | View Status | public | ||||||
| Assigned To | BusyBox | ||||||||
| Priority | normal | Resolution | fixed | ||||||
| Status | closed | Product Version | svn | ||||||
| Summary | 0004544: cut reads/writes invalid memory for certain inputs | ||||||||
| Description |
I think the problem occurs when you have lines containing only delimiters. Here is a simple example: cut -f- A where A contains "\t\n" (one tab, one newline) 53: char *printed = xzalloc(linelen * sizeof(char)); ... 125: for (; cl_pos < nlists && line; cl_pos++) { 126: spos = cut_lists[cl_pos].startpos; 127: do { 128: /* find the field we're looking for */ 129: while (line && ndelim < spos) { 130: field = strsep(&line, delimiter); 131: ndelim++; 132: } 133: 134: /* we found it, and it hasn't been printed yet */ 135: if (field && ndelim == spos && !printed[ndelim]) { ... 142: printed[ndelim] = 'X'; On cut.c:53, the buffer printed is allocated. In our example it has size 1. On the first iteration through the loop on line 125, line is "\t". The call to strsep on line 130 returns "" and sets line to "". Since line is not NULL, a second iteration through the do-while loop is performed. This time the call to strsep sets line to NULL. When line 135 is executed again, printed is indexed by ndelim, which now has value 1, and so printed[ndelim] reads past the buffer printed. Later, on line 142, this invalid location is also written. I think the fix might be to simply increase the size of printed by 1, but I haven't looked closely enough at the code. Thanks, Cristian |
||||||||
| Additional Information | |||||||||
| Attached Files | |||||||||
|
|
|||||||||
|
Relationships |
|
|
Notes |
|
|
(0010474) vda 08-15-08 14:20 |
I agree with your analysis. Fixed in rev 23087, thanks! |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 08-10-08 21:58 | cristic | New Issue | |
| 08-10-08 21:58 | cristic | Status | new => assigned |
| 08-10-08 21:58 | cristic | Assigned To | => BusyBox |
| 08-10-08 21:58 | cristic | Issue Monitored: cristic | |
| 08-15-08 14:20 | vda | Status | assigned => closed |
| 08-15-08 14:20 | vda | Note Added: 0010474 | |
| 08-15-08 14:20 | vda | Resolution | open => fixed |
| 08-15-08 14:20 | vda | Fixed in Version | => svn |
| Copyright © 2000 - 2006 Mantis Group |  |
