diff options
| author | Pádraig Brady <P@draigBrady.com> | 2025-10-02 12:24:20 +0100 |
|---|---|---|
| committer | Pádraig Brady <P@draigBrady.com> | 2025-10-02 15:26:02 +0100 |
| commit | 75e3888bd3e6787f066f23b3c606d0e8f49fa5cc (patch) | |
| tree | f256f07ee905fdf0496b1184e6bda1eda90065e0 /tests | |
| parent | doc: man: consistently format -X[OPTIONAL] form (diff) | |
| download | coreutils-75e3888bd3e6787f066f23b3c606d0e8f49fa5cc.tar.gz coreutils-75e3888bd3e6787f066f23b3c606d0e8f49fa5cc.zip | |
unexpand: fix heap buffer overflow with --tabs=[+/]NUM
This avoids CWE-122: Heap-based Buffer Overflow
where we could write blank characters beyond
the allocated heap buffer.
* src/expand-common.c (set_max_column_width): Refactor function from ...
(add_tab_stop): ... here.
(set_extend_size): Call new function.
(set_increment_size): Likewise.
* NEWS: Mention the bug fix.
Fixes https://bugs.gnu.org/79555
Diffstat (limited to 'tests')
| -rwxr-xr-x | tests/misc/unexpand.pl | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/tests/misc/unexpand.pl b/tests/misc/unexpand.pl index 27d9c17b6..bb7469cae 100755 --- a/tests/misc/unexpand.pl +++ b/tests/misc/unexpand.pl @@ -76,6 +76,10 @@ my @Tests = ['blanks-12', '-t', '3,4', {IN=> "01 4\n"}, {OUT=> "01\t\t4\n"}], ['blanks-13', '-t', '3,4', {IN=> "0 4\n"}, {OUT=> "0\t\t4\n"}], + # These would overflow a heap buffer from v8.28 - v9.8 inclusive + ['blanks-ext1', '-t', '3,+6', {IN=> "\t "}, {OUT=> "\t\t"}], + ['blanks-ext2', '-t', '3,/9', {IN=> "\t "}, {OUT=> "\t\t"}], + # POSIX says spaces should only follow tabs. Also a single # trailing space is not converted to a tab, when before # a field starting with non blanks |