Bug 1279 - Core from xargs due to out of range string copying
Summary: Core from xargs due to out of range string copying
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: findutils
Version: 5.2
Hardware: i386
OS: Linux
high
medium
Target Milestone: ---
Assignee: Preston Brown
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-02-22 16:21 UTC by Mark Cooke
Modified: 2008-05-01 15:37 UTC (History)
0 users

(edit)
Clone Of:
(edit)
Last Closed: 1999-03-29 22:05:07 UTC


Attachments (Terms of Use)

Description Mark Cooke 1999-02-22 16:21:15 UTC
Using substitution for xargs scripting can cause an
out of bounds string copy, which in turn causes a core.

Eg,

echo 123 | xargs -i touch --reference={}.body {}.shtml

file core
core: ELF 32-bit LSB core file of 'xargs' (signal 11), Intel
80386, version 1

Solution:

A patch to the do_insert function.

ftp://pc24.sr.bham.ac.uk/pub/packages/SOURCES/findutils-4.1-xargs-overflow.patch

--- findutils-4.1/xargs/xargs.c.orig    Mon Feb 22 16:18:15
1999
+++ findutils-4.1/xargs/xargs.c Mon Feb 22 16:18:48 1999
@@ -625,4 +625,5 @@
       p += len;
       arg += len;
+      arglen -= len;

       if (s)
@@ -633,4 +634,5 @@
          strcpy (p, linebuf);
          arg += rplen;
+          arglen -= rplen;
          p += lblen;
        }

Regards,

Mark Cooke

Comment 1 Preston Brown 1999-03-29 22:04:59 UTC
fixed in findutils-4.1-31 and later, available in the RawHide tree
(and 6.0, if you don't mind waiting).


Note You need to log in before you can comment on or make changes to this bug.