Bug 178772 - Off-by-one mistake in temp filename creation
Status: CLOSED DUPLICATE of bug 174016
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: dos2unix
4.0
All Linux
medium Severity medium
Assigned To: Tim Waugh
Ben Levenson
Reported: 2006-01-24 04:36 EST by Bastien Nocera
Modified: 2007-11-30 17:07 EST
Doc Type: Bug Fix
Last Closed: 2006-01-24 04:58:02 EST


Attachments
dos2unix-off-by-one.patch (630 bytes, patch)
2006-01-24 04:36 EST, Bastien Nocera

Description Bastien Nocera 2006-01-24 04:36:55 EST
dos2unix-3.1-21

Forgot to include the null-terminator in the temp filename length calculation.
Patch attached.

==19570== Invalid write of size 1
==19570==    at 0x9BC15B: _IO_vsprintf_internal (in /lib/tls/libc-2.3.4.so)
==19570==    by 0x9A94CA: _IO_sprintf (in /lib/tls/libc-2.3.4.so)
==19570==    by 0x8048E7F: MakeTempFileFrom (dos2unix.c:289)
==19570==    by 0x8049277: ConvertDosToUnixOldFile (dos2unix.c:409)
==19570==  Address 0x1B91F0BE is 0 bytes after a block of size 14 alloc'd
==19570==    at 0x1B904984: malloc (vg_replace_malloc.c:131)
==19570==    by 0x8048E5A: MakeTempFileFrom (dos2unix.c:287)
==19570==    by 0x8049277: ConvertDosToUnixOldFile (dos2unix.c:409)
==19570==    by 0x8049552: main (dos2unix.c:601)
==19570==
==19570== Conditional jump or move depends on uninitialised value(s)
==19570==    at 0x9CFEC7: strlen (in /lib/tls/libc-2.3.4.so)
==19570==    by 0xA27902: mkstemp (in /lib/tls/libc-2.3.4.so)
==19570==    by 0x8048E94: MakeTempFileFrom (dos2unix.c:294)
==19570==    by 0x8049277: ConvertDosToUnixOldFile (dos2unix.c:409)
==19570==
==19570== Invalid read of size 1
==19570==    at 0x9B7E96: __gen_tempname (in /lib/tls/libc-2.3.4.so)
==19570==    by 0xA27902: mkstemp (in /lib/tls/libc-2.3.4.so)
==19570==    by 0x8048E94: MakeTempFileFrom (dos2unix.c:294)
==19570==    by 0x8049277: ConvertDosToUnixOldFile (dos2unix.c:409)
==19570==  Address 0x1B91F0BE is 0 bytes after a block of size 14 alloc'd
==19570==    at 0x1B904984: malloc (vg_replace_malloc.c:131)
==19570==    by 0x8048E5A: MakeTempFileFrom (dos2unix.c:287)
==19570==    by 0x8049277: ConvertDosToUnixOldFile (dos2unix.c:409)
==19570==    by 0x8049552: main (dos2unix.c:601)
==19570==
==19570== Syscall param open(pathname) contains uninitialised or unaddressable byte(s)
==19570==    at 0xA1F673: __open_nocancel (in /lib/tls/libc-2.3.4.so)
==19570==    by 0xA27902: mkstemp (in /lib/tls/libc-2.3.4.so)
==19570==    by 0x8048E94: MakeTempFileFrom (dos2unix.c:294)
==19570==    by 0x8049277: ConvertDosToUnixOldFile (dos2unix.c:409)
==19570==  Address 0x1B91F0BE is 0 bytes after a block of size 14 alloc'd
==19570==    at 0x1B904984: malloc (vg_replace_malloc.c:131)
==19570==    by 0x8048E5A: MakeTempFileFrom (dos2unix.c:287)
==19570==    by 0x8049277: ConvertDosToUnixOldFile (dos2unix.c:409)
==19570==    by 0x8049552: main (dos2unix.c:601)
==19570==
==19570== Syscall param rename(oldpath) contains uninitialised or unaddressable byte(s)
==19570==    at 0x9B83E6: rename (in /lib/tls/libc-2.3.4.so)
==19570==    by 0x8049552: main (dos2unix.c:601)
==19570==  Address 0x1B91F0BE is 0 bytes after a block of size 14 alloc'd
==19570==    at 0x1B904984: malloc (vg_replace_malloc.c:131)
==19570==    by 0x8048E5A: MakeTempFileFrom (dos2unix.c:287)
==19570==    by 0x8049277: ConvertDosToUnixOldFile (dos2unix.c:409)
==19570==    by 0x8049552: main (dos2unix.c:601)
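
Added example, not part of the original report or of the dos2unix source: it contrasts the template size computed without the null terminator with the size the write actually needs, and builds a mkstemp() template with a bounded write. The suffix "/d2utmpXXXXXX", the function names and the sample directories are assumptions; with a one-character directory such as "." the unterminated size comes to the 14 bytes reported in the trace above.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* exposes mkstemp() in strict modes */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumed template suffix (illustration only); mkstemp() needs the six X's. */
#define TMP_SUFFIX "/d2utmpXXXXXX"

/* Off-by-one sizing: counts the characters but not the terminating '\0'. */
size_t buggy_size(const char *dir) { return strlen(dir) + strlen(TMP_SUFFIX); }

/* What sprintf("%s%s", dir, TMP_SUFFIX) actually writes, '\0' included. */
size_t correct_size(const char *dir) { return buggy_size(dir) + 1; }

/* Hardened creation: correctly sized buffer, bounded write, truncation check.
 * Returns an open fd and stores the malloc'd path in *path_out, or -1. */
int make_temp_in(const char *dir, char **path_out)
{
    size_t size = correct_size(dir);
    char *path = malloc(size);
    int n, fd;

    *path_out = NULL;
    if (path == NULL)
        return -1;
    n = snprintf(path, size, "%s%s", dir, TMP_SUFFIX);
    if (n < 0 || (size_t)n >= size || (fd = mkstemp(path)) < 0) {
        free(path);
        return -1;
    }
    *path_out = path;
    return fd;
}

int main(void)
{
    char *path;
    int fd = make_temp_in("/tmp", &path);   /* constructed sample directory */
    printf("dir \".\": buggy=%zu correct=%zu\n", buggy_size("."), correct_size("."));
    if (fd < 0)
        return 1;
    close(fd);
    unlink(path);
    free(path);
    return 0;
}
```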
Comment 1 Bastien Nocera 2006-01-24 04:36:55 EST
Created attachment 123606
dos2unix-off-by-one.patch
Comment 2 Tim Waugh 2006-01-24 04:58:02 EST

*** This bug has been marked as a duplicate of 174016 ***
