Re: [PATCH] quotearg: do not read beyond end of buffer

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] quotearg: do not read beyond end of buffer

From:	Jim Meyering
Subject:	Re: [PATCH] quotearg: do not read beyond end of buffer
Date:	Mon, 13 May 2013 19:39:00 +0200

Paul Eggert wrote:
> On 05/12/2013 10:14 PM, Jim Meyering wrote:
>> I ran gcc's -fsanitize=address against coreutils, and two
>> sort tests failed due to buffer overruns.  Both arose via
>> a bug in quotearg.c.  Patch below.  Two things remain to do:
>>   1) find when the bug was introduced (before push)
>>   2) address the module-factoring FIXME comment (after)
>>
>> Not sure I'll do #1, but I will get to #2.
>
> Thanks for catching this bug!
>
> For #1, it looks like it was commit c4b7f3f8557b27a729a0065bba401dc629357345:
>
> http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=c4b7f3f8557b27a729a0065bba401dc629357345

Thanks.  Yes, that looks right.  Introduced by me 13 years ago.
I notice that it is the same as this coreutils commit,
c3f357adf56d5d012426948dadf7d4156565ea76 whose "git describe"
output shows this change was included in sh-utils-2.0e.
Thus also in the fileutils and textutils releases of the
same general time.

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] quotearg: do not read beyond end of buffer, Jim Meyering, 2013/05/13
- Re: [PATCH] quotearg: do not read beyond end of buffer, Paul Eggert, 2013/05/13
  - Re: [PATCH] quotearg: do not read beyond end of buffer, Jim Meyering <=
    - Re: [PATCH] quotearg: do not read beyond end of buffer, Jim Meyering, 2013/05/13
- Re: [PATCH] quotearg: do not read beyond end of buffer, Pádraig Brady, 2013/05/13

Prev by Date: Re: [PATCH] bootstrap: allow a project name to have hyphen(s)
Next by Date: Re: [PATCH] bootstrap: allow a project name to have hyphen(s)
Previous by thread: Re: [PATCH] quotearg: do not read beyond end of buffer
Next by thread: Re: [PATCH] quotearg: do not read beyond end of buffer
Index(es):
- Date
- Thread