dos2unix-3.1-21

Forgot to include the null-terminator in the temp filename length calculation. Patch attached.

==19570== Invalid write of size 1
==19570==    at 0x9BC15B: _IO_vsprintf_internal (in /lib/tls/libc-2.3.4.so)
==19570==    by 0x9A94CA: _IO_sprintf (in /lib/tls/libc-2.3.4.so)
==19570==    by 0x8048E7F: MakeTempFileFrom (dos2unix.c:289)
==19570==    by 0x8049277: ConvertDosToUnixOldFile (dos2unix.c:409)
==19570==  Address 0x1B91F0BE is 0 bytes after a block of size 14 alloc'd
==19570==    at 0x1B904984: malloc (vg_replace_malloc.c:131)
==19570==    by 0x8048E5A: MakeTempFileFrom (dos2unix.c:287)
==19570==    by 0x8049277: ConvertDosToUnixOldFile (dos2unix.c:409)
==19570==    by 0x8049552: main (dos2unix.c:601)
==19570==
==19570== Conditional jump or move depends on uninitialised value(s)
==19570==    at 0x9CFEC7: strlen (in /lib/tls/libc-2.3.4.so)
==19570==    by 0xA27902: mkstemp (in /lib/tls/libc-2.3.4.so)
==19570==    by 0x8048E94: MakeTempFileFrom (dos2unix.c:294)
==19570==    by 0x8049277: ConvertDosToUnixOldFile (dos2unix.c:409)
==19570==
==19570== Invalid read of size 1
==19570==    at 0x9B7E96: __gen_tempname (in /lib/tls/libc-2.3.4.so)
==19570==    by 0xA27902: mkstemp (in /lib/tls/libc-2.3.4.so)
==19570==    by 0x8048E94: MakeTempFileFrom (dos2unix.c:294)
==19570==    by 0x8049277: ConvertDosToUnixOldFile (dos2unix.c:409)
==19570==  Address 0x1B91F0BE is 0 bytes after a block of size 14 alloc'd
==19570==    at 0x1B904984: malloc (vg_replace_malloc.c:131)
==19570==    by 0x8048E5A: MakeTempFileFrom (dos2unix.c:287)
==19570==    by 0x8049277: ConvertDosToUnixOldFile (dos2unix.c:409)
==19570==    by 0x8049552: main (dos2unix.c:601)
==19570==
==19570== Syscall param open(pathname) contains uninitialised or unaddressable byte(s)
==19570==    at 0xA1F673: __open_nocancel (in /lib/tls/libc-2.3.4.so)
==19570==    by 0xA27902: mkstemp (in /lib/tls/libc-2.3.4.so)
==19570==    by 0x8048E94: MakeTempFileFrom (dos2unix.c:294)
==19570==    by 0x8049277: ConvertDosToUnixOldFile (dos2unix.c:409)
==19570==  Address 0x1B91F0BE is 0 bytes after a block of size 14 alloc'd
==19570==    at 0x1B904984: malloc (vg_replace_malloc.c:131)
==19570==    by 0x8048E5A: MakeTempFileFrom (dos2unix.c:287)
==19570==    by 0x8049277: ConvertDosToUnixOldFile (dos2unix.c:409)
==19570==    by 0x8049552: main (dos2unix.c:601)
==19570==
==19570== Syscall param rename(oldpath) contains uninitialised or unaddressable byte(s)
==19570==    at 0x9B83E6: rename (in /lib/tls/libc-2.3.4.so)
==19570==    by 0x8049552: main (dos2unix.c:601)
==19570==  Address 0x1B91F0BE is 0 bytes after a block of size 14 alloc'd
==19570==    at 0x1B904984: malloc (vg_replace_malloc.c:131)
==19570==    by 0x8048E5A: MakeTempFileFrom (dos2unix.c:287)
==19570==    by 0x8049277: ConvertDosToUnixOldFile (dos2unix.c:409)
==19570==    by 0x8049552: main (dos2unix.c:601)

Created attachment 123606 dos2unix-off-by-one.patch
*** This bug has been marked as a duplicate of 174016 ***
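
The off-by-one described in the report above, as an added example that is not part of the original report or of the dos2unix source: the suffix `/cnvtmpXXXXXX` and all function names are constructed for illustration. It sets the character-only size calculation beside the corrected one and builds the mkstemp() template with a bounded write; with a one-character directory and this 13-character suffix the character-only count is 14, the block size shown in the Valgrind trace, while the string needs 15 bytes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed suffix (13 chars); ends in the six X's that mkstemp() requires. */
#define TMP_SUFFIX "/cnvtmpXXXXXX"

/* The miscalculation from the report: counts the characters only. */
size_t template_size_buggy(size_t dir_len)
{
    return dir_len + strlen(TMP_SUFFIX);
}

/* Correct size: sizeof on a string literal includes the terminating NUL. */
size_t template_size(size_t dir_len)
{
    return dir_len + sizeof(TMP_SUFFIX);
}

/* Build a mkstemp() template in the directory part of `path`.
 * Returns a malloc'd string the caller frees, or NULL on failure. */
char *make_temp_template(const char *path)
{
    const char *slash = strrchr(path, '/');
    size_t dir_len = slash ? (size_t)(slash - path) : 1;  /* 0 for "/file" */
    const char *dir = slash ? path : ".";
    size_t size = template_size(dir_len);
    char *tmpl = malloc(size);
    int n;

    if (tmpl == NULL)
        return NULL;
    /* Bounded write: a wrong size becomes a truncation error, not a heap overrun. */
    n = snprintf(tmpl, size, "%.*s%s", (int)dir_len, dir, TMP_SUFFIX);
    if (n < 0 || (size_t)n >= size) {
        free(tmpl);
        return NULL;
    }
    return tmpl;  /* NUL-terminated, safe to hand to mkstemp() */
}

int main(void)
{
    char *t = make_temp_template("file.txt");
    printf("%s: needs %zu bytes, character-only count is %zu\n",
           t ? t : "(null)", template_size(1), template_size_buggy(1));
    free(t);
    return 0;
}
```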