36 lines
1.0 KiB
Diff
36 lines
1.0 KiB
Diff
From d60e550ed0ba67455a5952fe8adf27dacf47e680 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
|
|
Date: Wed, 15 Jan 2025 17:42:55 +0000
|
|
Subject: [PATCH] tac: avoid out of bounds access
|
|
|
|
This was flagged on CheriBSD on ARM Morello with the error:
|
|
"In-address space security exception (core dumped)"
|
|
triggered with: tac -s '' /dev/null
|
|
|
|
* src/tac.c (main): Ensure we don't read beyond the
|
|
end of the supplied optarg.
|
|
|
|
Reference:https://github.com/coreutils/coreutils/commit/d60e550ed0ba67455a5952fe8adf27dacf47e680
|
|
Conflict:NA
|
|
|
|
---
|
|
src/tac.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/tac.c b/src/tac.c
|
|
index e4aac77fe..f086f5345 100644
|
|
--- a/src/tac.c
|
|
+++ b/src/tac.c
|
|
@@ -553,7 +553,7 @@ main (int argc, char **argv)
|
|
G_buffer = xmalloc (G_buffer_size);
|
|
if (sentinel_length)
|
|
{
|
|
- memcpy (G_buffer, separator, sentinel_length + 1);
|
|
+ memcpy (G_buffer, separator, sentinel_length + !!*separator);
|
|
G_buffer += sentinel_length;
|
|
}
|
|
else
|
|
--
|
|
2.43.0
|
|
|