Package: foremost Version: 1.5.7-9.1 Running "foremost -T -c something" results in undefined behavior. First, it calls `fopen()` with NULL as pathname. Second, it uses argv[i] with i > argc. In my case, it tries to read files with pathnames as environment variables. See strace:
$ strace --trace=openat foremost -T -c something ... openat(AT_FDCWD, "foremost", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "-T", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) openat(AT_FDCWD, "SHELL=/bin/bash", O_RDONLY) = -1 ENOENT (No such file or directory) <several lines similar to above> ... This is because the program doesn't check if "-c something" are the last arguments when skipping them at <main.c:274> The following patch fixes it: --- a/main.c +++ b/main.c @@ -272,6 +272,9 @@ { /*jump past the conf file so we don't process it.*/ argv+=2; + if (*argv == NULL) { + break; + } } testFile = fopen(*argv, "rb"); if (testFile)
--- a/main.c +++ b/main.c @@ -272,6 +272,9 @@ { /*jump past the conf file so we don't process it.*/ argv+=2; + if (*argv == NULL) { + break; + } } testFile = fopen(*argv, "rb"); if (testFile)