On Tue, Jun 24, 2025, 10:04 Pádraig Brady <p...@draigbrady.com> wrote:

> On 24/06/2025 01:16, Pádraig Brady wrote:
> > On 23/06/2025 09:24, Jaehoon Jang wrote:
> >> =================================================================
> >> ==1151699==ERROR: AddressSanitizer: heap-buffer-overflow on address
> >> 0x6150000004f9 at pc 0x0000004d153f bp 0x7fff937f0410 sp 0x7fff937f0408
> >> WRITE of size 1 at 0x6150000004f9 thread T0
> >> #0 0x4d153e in dump_strings coreutils/src/od.c:1570:14
> >
> > Nice fuzzing.
> >
> > There looks to be all sorts of off by one errors in the dump_strings()
> > function.
> > The issue is most easily demonstrated with:
> >
> > printf '%100s' | tr ' ' . | valgrind od -N100 -S99
> >
> > The following should fix this I think.
> > I've only analyzed it for a few minutes, so I'll look more tomorrow.
> > The following should also fix the printed offset,
> > and also support the -N100 -S100 combination.
>
> The previous patch didn't handle the invalid address output in all cases.
> Also I didn't see a need for both read() loops in this function,
> so I simplified the function in the attached more complete patch.
This part:

> tryline:
> + idx_t i = 0;
> + int c = 1; /* Init to 1 so can distinguish if NUL read. */

triggers warning:

label followed by a declaration is a C23 extension [-Wc23-extensions]
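Review bot: the two declarations placed directly after the `tryline:` label are what the quoted `-Wc23-extensions` warning points at; before C23 a label must be followed by a statement, and a declaration is not one, so this fails to build cleanly in C17 and earlier modes. Suggest hoisting `idx_t i = 0;` and `int c = 1;` above the label and resetting them with plain assignments after `tryline:`, or enclosing the labelled code in a `{ ... }` block so the declarations open a compound statement; either keeps the intent of the `c = 1` sentinel comment while avoiding the extension.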