Jim Meyering wrote: > Paul Marinescu wrote: >> In coreutils 8.9 (latest), the following commands trigger an invalid >> memory access. >> >> cut -c1234567890- --output-d=: foo >> cut -f1234567890- --output-d=: foo >> cut -b1234567890- --output-d=: foo >> >> The number 1234567890 is just a random number 'big enough' to make the >> invalid access generate a segmentation fault but the invalid access >> happens for values as low as 8 (valgrind) >> >> The problem is that ranges going to end of line (i.e., 'x-') are not >> taken into account when calculating the size of the printable_field >> vector, but their lower bound is used as an index on line 525: >> >> if (output_delimiter_specified >> && !complement >> && eol_range_start && !is_printable_field (eol_range_start)) > > Thanks a lot for the report. > Here's a fix: > ... > Subject: [PATCH] cut: don't segfault for large unbounded range > > * src/cut.c (set_fields): When computing the maximum range endpoint, > take into consideration the start of any unbounded range, like "999-". > * NEWS (Bug fixes): Mention it. > * tests/misc/cut (big-unbounded-b,c,f): Add tests. > Reported by Paul Marinescu in http://debbugs.gnu.org/7993 > The bug was introduced on 2004-12-04 via commit 7380cf79. ... > * Noteworthy changes in release ?.? (????-??-??) [?] > > +** Bug fixes > + > + cut could segfault when invoked with a user-specified output > + delimiter and an unbounded range like "-f1234567890-". > + [bug introduced in coreutils-5.3.0] > +
Fixed, so closing.
