date:20210626

bug#49209: coreutils: stack out-of-bounds write in tail --follow

2021-06-26 Thread Paul Eggert


On 6/24/21 8:50 AM, Paul Eggert wrote:

inotify_init can return 1025 even if called first thing, so we also need 
to dup2 the result of early inotify_init down to 3 (or whatever), or at 
least to check that it's less than 1024. Choosing 3 is a tricky 
business, since it's not clear what fds the C library actually needs.


When looking into this I decided it was cleaner to fix coreutils by 
using 'poll' instead of 'select', as Kamil suggested. I installed the 
attached patches to do that. The last patch fixes the bug.


Thanks for reporting the problem.
From 145707949f9479f00dce41f479549f7629d7d0c9 Mon Sep 17 00:00:00 2001
From: Paul Eggert 
Date: Sat, 26 Jun 2021 18:23:52 -0700
Subject: [PATCH 1/3] =?UTF-8?q?maint:=20while=20(1)=20=E2=86=92=20while=20?=
 =?UTF-8?q?(true)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/basenc.c |  2 +-
 src/chcon.c  |  2 +-
 src/chmod.c  |  2 +-
 src/chown-core.c |  2 +-
 src/csplit.c |  2 +-
 src/cut.c|  2 +-
 src/date.c   |  2 +-
 src/dd.c |  2 +-
 src/dircolors.c  |  2 +-
 src/du.c |  2 +-
 src/expr.c   | 12 ++--
 src/head.c   |  4 ++--
 src/join.c   |  2 +-
 src/ls.c |  4 ++--
 src/nproc.c  |  2 +-
 src/od.c |  6 +++---
 src/ptx.c|  2 +-
 src/pwd.c|  6 +++---
 src/realpath.c   |  2 +-
 src/remove.c |  2 +-
 src/rmdir.c  |  2 +-
 src/runcon.c |  2 +-
 src/sort.c   |  2 +-
 src/sum.c|  2 +-
 src/system.h |  2 +-
 src/tac-pipe.c   |  6 +++---
 src/tac.c|  2 +-
 src/tail.c   | 12 ++--
 src/tsort.c  |  2 +-
 29 files changed, 47 insertions(+), 47 deletions(-)

diff --git a/src/basenc.c b/src/basenc.c
index 7e22363bf..5c97a3652 100644
--- a/src/basenc.c
+++ b/src/basenc.c
@@ -605,7 +605,7 @@ z85_encode (char const *restrict in, size_t inlen,
   unsigned int val;
   size_t outidx = 0;
 
-  while (1)
+  while (true)
 {
   if (inlen == 0)
 {
diff --git a/src/chcon.c b/src/chcon.c
index dc2258de0..88010848e 100644
--- a/src/chcon.c
+++ b/src/chcon.c
@@ -315,7 +315,7 @@ process_files (char **files, int bit_flags)
 
   FTS *fts = xfts_open (files, bit_flags, NULL);
 
-  while (1)
+  while (true)
 {
   FTSENT *ent;
 
diff --git a/src/chmod.c b/src/chmod.c
index 78d9c9cba..160a0c537 100644
--- a/src/chmod.c
+++ b/src/chmod.c
@@ -335,7 +335,7 @@ process_files (char **files, int bit_flags)
 
   FTS *fts = xfts_open (files, bit_flags, NULL);
 
-  while (1)
+  while (true)
 {
   FTSENT *ent;
 
diff --git a/src/chown-core.c b/src/chown-core.c
index a0b2f670f..4d816de4a 100644
--- a/src/chown-core.c
+++ b/src/chown-core.c
@@ -524,7 +524,7 @@ chown_files (char **files, int bit_flags,
 
   FTS *fts = xfts_open (files, bit_flags | stat_flags, NULL);
 
-  while (1)
+  while (true)
 {
   FTSENT *ent;
 
diff --git a/src/csplit.c b/src/csplit.c
index f188e8894..e1fb66ed2 100644
--- a/src/csplit.c
+++ b/src/csplit.c
@@ -496,7 +496,7 @@ load_buffer (void)
   if (bytes_wanted < hold_count)
 bytes_wanted = hold_count;
 
-  while (1)
+  while (true)
 {
   b = get_new_buffer (bytes_wanted);
   bytes_avail = b->bytes_alloc; /* Size of buffer returned. */
diff --git a/src/cut.c b/src/cut.c
index 78b82c80e..f4d44c211 100644
--- a/src/cut.c
+++ b/src/cut.c
@@ -306,7 +306,7 @@ cut_fields (FILE *stream)
  That is because a non-delimited line has exactly one field.  */
   buffer_first_field = (suppress_non_delimited ^ !print_kth (1));
 
-  while (1)
+  while (true)
 {
   if (field_idx == 1 && buffer_first_field)
 {
diff --git a/src/date.c b/src/date.c
index d5eebaf25..4a7a4e243 100644
--- a/src/date.c
+++ b/src/date.c
@@ -313,7 +313,7 @@ batch_convert (char const *input_filename, char const *format,
   line = NULL;
   buflen = 0;
   ok = true;
-  while (1)
+  while (true)
 {
   ssize_t line_length = getline (, , in_stream);
   if (line_length < 0)
diff --git a/src/dd.c b/src/dd.c
index d284357a4..fc5108f8b 100644
--- a/src/dd.c
+++ b/src/dd.c
@@ -2179,7 +2179,7 @@ dd_copy (void)
   alloc_ibuf ();
   alloc_obuf ();
 
-  while (1)
+  while (true)
 {
   if (status_level == STATUS_PROGRESS)
 {
diff --git a/src/dircolors.c b/src/dircolors.c
index fea0cdf01..b765ded9f 100644
--- a/src/dircolors.c
+++ b/src/dircolors.c
@@ -253,7 +253,7 @@ dc_parse_stream (FILE *fp, char const *filename)
   if (term == NULL || *term == '\0')
 term = "none";
 
-  while (1)
+  while (true)
 {
   char *keywd, *arg;
   bool unrecognized;
diff --git a/src/du.c b/src/du.c
index d4760a36c..efd519706 100644
--- a/src/du.c
+++ b/src/du.c
@@ -684,7 +684,7 @@ du_files (char **files, int bit_flags)
 {
   FTS *fts = xfts_open (files, bit_flags, NULL);
 
-  while (1)
+  while (true)
 {
   FTSENT *ent;
 
diff --git a/src/expr.c b/src/expr.c
index ec76f7607..41185a8f8 100644
--- a/src/expr.c
+++

bug#49217: [PATCH] tests: exercise shuf --input-range edge cases

2021-06-26 Thread Erik Auerswald

* tests/misc/shuf.sh: Test valid "shuf -i" edge cases that result
in a single line of input, or no line at all.  Test an invalid
range, too.
---
 tests/misc/shuf.sh | 11 ++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/tests/misc/shuf.sh b/tests/misc/shuf.sh
index 892386b3f..83e940ec4 100755
--- a/tests/misc/shuf.sh
+++ b/tests/misc/shuf.sh
@@ -39,6 +39,15 @@ compare in out > /dev/null && { fail=1; echo "not random?" 
1>&2; }
 sort -n out > out1
 compare in out1 || { fail=1; echo "not a permutation" 1>&2; }
 
+# Exercise border conditions of shuf's -i option
+# LO == HI gives one line
+echo 1 > in1 || framework_failure_
+shuf -i 1-1 > out || fail=1
+compare in1 out || fail=1
+# LO == HI+1 gives no output
+shuf -i 1-0 > out || fail=1
+compare /dev/null out || fail=1
+
 # Exercize shuf's -r -n 0 options, with no standard input.
 shuf -r -n 0 in <&- >out || fail=1
 compare /dev/null out || fail=1
@@ -95,7 +104,7 @@ test "$c" -eq 3 || { fail=1; echo "Multiple -n failed">&2 ; }
 { shuf -i0-9 -n10 -i8-90 || test $? -ne 1; } &&
   { fail=1; echo "shuf did not detect multiple -i usage.">&2 ; }
 # Test invalid range
-for ARG in '1' 'A' '1-' '1-A'; do
+for ARG in '1' 'A' '1-' '1-A' '3-1'; do
 { shuf -i$ARG || test $? -ne 1; } &&
 { fail=1; echo "shuf did not detect erroneous -i$ARG usage.">&2 ; }
 done
-- 
2.17.1

bug#49217: [PATCH] doc: clarify valid ranges for shuf -i

2021-06-26 Thread Erik Auerswald

* doc/coreutils.texi (shut invocation): Mention valid and invalid
edge cases for --input-range.
---
 doc/coreutils.texi | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/doc/coreutils.texi b/doc/coreutils.texi
index ea040458e..f59c5e962 100644
--- a/doc/coreutils.texi
+++ b/doc/coreutils.texi
@@ -4978,7 +4978,10 @@ Treat each command-line operand as an input line.
 @opindex --input-range
 @cindex input range to shuffle
 Act as if input came from a file containing the range of unsigned
-decimal integers @var{lo}@dots{}@var{hi}, one per line.
+decimal integers @var{lo}@dots{}@var{hi}, one per line.  If @var{lo} is
+equal to @var{hi}, this is a single line.  If @var{lo} is one bigger than
+@var{hi}, this is accepted as the empty range.  Other cases of @var{lo}
+greater than @var{hi} are rejected as invalid.
 
 @end table
 
-- 
2.17.1

bug#49209: coreutils: stack out-of-bounds write in tail --follow

bug#49217: [PATCH] tests: exercise shuf --input-range edge cases

bug#49217: [PATCH] doc: clarify valid ranges for shuf -i

3 matches

Site Navigation

Mail list logo

Footer information