Re: fold -b1 segmentation fault
On Thu, Oct 21, 2010 at 05:57:24PM +0100, Jason McIntyre wrote: > in case anyone's interested, and as reported in a recent freebsd pr: > > $ fold -b1 > Segmentation fault (core dumped) > > no fix is provided. > > jmc > > >Number: 151592 > >Category: misc > >Synopsis: 'fold' segfaults on argument processing > >Confidential: no > >Severity: non-critical > >Priority: low > >Responsible:freebsd-bugs > >State: open > >Quarter: > >Keywords: > >Date-Required: > >Class: sw-bug > >Submitter-Id: current-users > >Arrival-Date: Wed Oct 20 03:50:08 UTC 2010 > >Closed-Date: > >Last-Modified: > >Originator: Marcus Reid > >Release:8.1-STABLE > >Organization: > >Environment: > FreeBSD austin.sea.netifice.com 8.1-STABLE FreeBSD 8.1-STABLE #0: > Mon Sep 20 23:53:47 PDT 2010 > r...@austin.sea.netifice.com:/usr/obj/usr/src/sys/FARK amd64 > >Description: > The 'fold' utility reads past the end of a buffer if arguments are > incorrectly specified. If you pass an argument to '-b' that happens > to be in the character set "0123456789", line 101 reads past the > end of argv[optind] and causes a segmentation fault. > >How-To-Repeat: > Simply run 'fold -b1' > >Fix: > I don't really see what the author is intending to do in that case > statement where it breaks. > > >Release-Note: > >Audit-Trail: > >Unformatted: > Fix appears to be to let getopt handle it, since allowing 0-9 as an argument is not documented: Index: fold.c === RCS file: /cvs/src/usr.bin/fold/fold.c,v retrieving revision 1.12 diff -u -p -r1.12 fold.c --- fold.c 27 Oct 2009 23:59:38 - 1.12 +++ fold.c 21 Oct 2010 17:26:24 - @@ -57,7 +57,7 @@ main(int argc, char *argv[]) const char *errstr; width = -1; - while ((ch = getopt(argc, argv, "0123456789bsw:")) != -1) + while ((ch = getopt(argc, argv, "bsw:")) != -1) switch (ch) { case 'b': count_bytes = 1; @@ -70,21 +70,6 @@ main(int argc, char *argv[]) if (errstr != NULL) errx(1, "illegal width value, %s: %s", errstr, optarg); - break; - case '0': case '1': case '2': case '3': case '4': - case '5': case '6': case '7': case '8': case '9': - if (width == -1) { - p = argv[optind - 1]; - if (p[0] == '-' && p[1] == ch && !p[2]) - w = ++p; - else - w = argv[optind] + 1; - - width = strtonum(w, 1, INT_MAX, &errstr); - if (errstr != NULL) - errx(1, "illegal width value, %s: %s", - errstr, optarg); - } break; default: (void)fprintf(stderr,
Re: fold -b1 segmentation fault
On Thu, Oct 21, 2010 at 05:57:24PM +0100, Jason McIntyre wrote: > in case anyone's interested, and as reported in a recent freebsd pr: > > $ fold -b1 > Segmentation fault (core dumped) > > no fix is provided. Holy ugliness... Here are two diffs, pick your choice. Either drop the (attempt) to implemented obsolete syntax (like `fold -42') completely: Index: fold.c === RCS file: /cvs/src/usr.bin/fold/fold.c,v retrieving revision 1.12 diff -u -p -r1.12 fold.c --- fold.c 27 Oct 2009 23:59:38 - 1.12 +++ fold.c 21 Oct 2010 18:49:08 - @@ -52,12 +52,10 @@ main(int argc, char *argv[]) { int ch; int width; - char *p; - char *w; const char *errstr; - width = -1; - while ((ch = getopt(argc, argv, "0123456789bsw:")) != -1) + width = DEFLINEWIDTH; + while ((ch = getopt(argc, argv, "bsw:")) != -1) switch (ch) { case 'b': count_bytes = 1; @@ -71,21 +69,6 @@ main(int argc, char *argv[]) errx(1, "illegal width value, %s: %s", errstr, optarg); break; - case '0': case '1': case '2': case '3': case '4': - case '5': case '6': case '7': case '8': case '9': - if (width == -1) { - p = argv[optind - 1]; - if (p[0] == '-' && p[1] == ch && !p[2]) - w = ++p; - else - w = argv[optind] + 1; - - width = strtonum(w, 1, INT_MAX, &errstr); - if (errstr != NULL) - errx(1, "illegal width value, %s: %s", - errstr, optarg); - } - break; default: (void)fprintf(stderr, "usage: fold [-bs] [-w width] [file ...]\n"); @@ -93,9 +76,6 @@ main(int argc, char *argv[]) } argv += optind; argc -= optind; - - if (width == -1) - width = DEFLINEWIDTH; if (!*argv) fold(width); Or as an alternative keep the obsolete syntax but do not segfault if it's mixed with normal options (like -b1 or -s1): Index: fold.c === RCS file: /cvs/src/usr.bin/fold/fold.c,v retrieving revision 1.12 diff -u -p -r1.12 fold.c --- fold.c 27 Oct 2009 23:59:38 - 1.12 +++ fold.c 21 Oct 2010 18:47:40 - @@ -53,7 +53,6 @@ main(int argc, char *argv[]) int ch; int width; char *p; - char *w; const char *errstr; width = -1; @@ -75,12 +74,14 @@ main(int argc, char *argv[]) case '5': case '6': case '7': case '8': case '9': if (width == -1) { p = argv[optind - 1]; - if (p[0] == '-' && p[1] == ch && !p[2]) - w = ++p; - else - w = argv[optind] + 1; - - width = strtonum(w, 1, INT_MAX, &errstr); + if (p[0] != '-' || p[1] != ch || p[2]) + p = argv[optind]; + if (p == NULL || p[0] != '-' || p[1] != ch) { + (void)fprintf(stderr, + "usage: fold [-bs] [-w width] [file ...]\n"); + exit(1); + } + width = strtonum(p + 1, 1, INT_MAX, &errstr); if (errstr != NULL) errx(1, "illegal width value, %s: %s", errstr, optarg); Ciao, Kili
Re: fold -b1 segmentation fault
> >Fix: > I don't really see what the author is intending to do in that case > statement where it breaks. Agreed. Handing arguments for -w is properly done in the 'w' case with optarg. Commenting out the digit cases gives the desired result: strawberry:/usr/src/usr.bin/fold ; ./fold -b1 usage: fold [-bs] [-w width] [file ...] You'd want to test further, but it seems like you could just delete those digit cases and that they are dead, broken code. -- http://noncombatant.org/
fold -b1 segmentation fault
in case anyone's interested, and as reported in a recent freebsd pr: $ fold -b1 Segmentation fault (core dumped) no fix is provided. jmc >Number: 151592 >Category: misc >Synopsis: 'fold' segfaults on argument processing >Confidential: no >Severity: non-critical >Priority: low >Responsible:freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Oct 20 03:50:08 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Marcus Reid >Release:8.1-STABLE >Organization: >Environment: FreeBSD austin.sea.netifice.com 8.1-STABLE FreeBSD 8.1-STABLE #0: Mon Sep 20 23:53:47 PDT 2010 r...@austin.sea.netifice.com:/usr/obj/usr/src/sys/FARK amd64 >Description: The 'fold' utility reads past the end of a buffer if arguments are incorrectly specified. If you pass an argument to '-b' that happens to be in the character set "0123456789", line 101 reads past the end of argv[optind] and causes a segmentation fault. >How-To-Repeat: Simply run 'fold -b1' >Fix: I don't really see what the author is intending to do in that case statement where it breaks. >Release-Note: >Audit-Trail: >Unformatted: