--- ChangeLog | 6 ++++++ NEWS | 5 +++++ find/pred.c | 5 +++-- 3 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog index fb8d234..259fd66 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,12 @@ 2009-04-10 James Youngman <[email protected]> + Backport fix for Savannah bug #23663, crash in some locales for %AX. + * find/pred.c (do_time_format): Fix off-by-one error in handling + of the buffer used to print timestamps. This caused a crash in + some locales when handling the %AX format specifier. + * NEWS: Mention this bugfix. + Fix bug #22662 (backport from 4.5.x) * find/pred.c (scan_for_digit_differences): Remember that we saw the first differing digit and also get the order of the diff --git a/NEWS b/NEWS index 8cc4dc4..97c3deb 100644 --- a/NEWS +++ b/NEWS @@ -9,10 +9,15 @@ versions of the AIX C compiler), find's regular expression implementation fails to support case-insensitive regular expression matching, causing -iregex to behave like -regex. This is now fixed. + #23070: Corrected manpage description of find -perm /000 (the change was already made but the manpage indicated the change would happen "soon"). +#23663: crash in some locales for -printf %AX (this problem seems to +have affected only the CVS code for 4.5.x, and not any public +releases, but it was a problem with the original fix for bug #22662) + #24169: find would segfault if the -newerXY test was not followed by any argument. diff --git a/find/pred.c b/find/pred.c index 8cfaf74..3a829bc 100644 --- a/find/pred.c +++ b/find/pred.c @@ -2101,7 +2101,6 @@ do_time_format (const char *fmt, const struct tm *p, const char *ns, size_t ns_s size_t i, n; size_t final_len = (buf_used + 1u /* for \0 */ - - 1u /* because we don't need the initial underscore */ + ns_size); buf = xrealloc (buf, final_len); altbuf = xmalloc (final_len); @@ -2117,15 +2116,17 @@ do_time_format (const char *fmt, const struct tm *p, const char *ns, size_t ns_s && (2==n) && !isdigit((unsigned char)buf[i+n])) { const size_t end_of_seconds = i + n; + const size_t suffix_len = buf_used-(end_of_seconds)+1; /* Move the tail (including the \0). Note that this * is a move of an overlapping memory block, so we * must use memmove instead of memcpy. Then insert * the nanoseconds (but not its trailing \0). */ + assert (end_of_seconds + ns_size + suffix_len == final_len); memmove (buf+end_of_seconds+ns_size, buf+end_of_seconds, - buf_used-(end_of_seconds)+1); + suffix_len); memcpy (buf+i+n, ns, ns_size); } else -- 1.5.6.5
