I found this bug when I was just fooling around:
$ seq -f %10 1
seq: memory exhausted
The problem is that strchr(string, '\0') always succeeds, by
definition. Here's a patch:
Fix bug with "seq -f %10", which is an invalid format.
* src/seq.c (long_double_format): Fix bug that mishandled this case.
* tests/misc/seq (fmt-d): New test, for this case.
diff --git a/src/seq.c b/src/seq.c
index 261a44b..b3d1e46 100644
--- a/src/seq.c
+++ b/src/seq.c
@@ -190,6 +190,7 @@ long_double_format (char const *fmt, struct layout *layout)
size_t suffix_len = 0;
size_t length_modifier_offset;
bool has_L;
+ static char const allowed_specifiers[8] = "efgaEFGA";
for (i = 0; ! (fmt[i] == '%' && fmt[i + 1] != '%'); i += (fmt[i] == '%') + 1)
if (fmt[i])
@@ -209,7 +210,7 @@ long_double_format (char const *fmt, struct layout *layout)
length_modifier_offset = i;
has_L = (fmt[i] == 'L');
i += has_L;
- if (! strchr ("efgaEFGA", fmt[i]))
+ if (! memchr (allowed_specifiers, fmt[i], sizeof allowed_specifiers))
return NULL;
for (i++; ! (fmt[i] == '%' && fmt[i + 1] != '%'); i += (fmt[i] == '%') + 1)
diff --git a/tests/misc/seq b/tests/misc/seq
index 3365d95..a85da75 100755
--- a/tests/misc/seq
+++ b/tests/misc/seq
@@ -89,6 +89,11 @@ my @Tests =
{ERR => "seq: invalid format string: `%%g'\n"
. "Try `seq --help' for more information.\n"},
],
+
+ # In coreutils-6.10, this would mistakenly exhaust memory.
+ ['fmt-d', qw(-f %%10 1), {EXIT => 1},
+ {ERR => "seq: invalid format string: `%%10'\n"
+ . "Try `seq --help' for more information.\n"}],
);
# Append a newline to each entry in the OUT array.
_______________________________________________
Bug-coreutils mailing list
Bug-coreutils@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-coreutils
