Re: [dev] [sbase] tr: heap-buffer-overflow

From: Roberto E. Vargas Caballero <k0ga_AT_shike2.net>
Date: Wed, 5 Nov 2025 10:51:01 +0100

Hi,

On Sun, Oct 26, 2025 at 12:23:51PM +0100, Hiltjo Posthuma wrote:
> At a glance, maybe this:
>
> if (!sflag && !set2ranges && !set2check)
>         eprintf("cannot map to an empty set.\n");
>
> should be:
>
> if (!dflag && !set2ranges && !set2check)
>         eprintf("cannot map to an empty set.\n");

I think you are right, but after reading the POSIX spec it seems like
it is a bit more complex. Quoting from the standard:

        When the -d option is specified:

        Input characters found in the array specified by string1
        shall be deleted.

        When the -C option is specified with -d, all characters
        except those specified by string1 shall be deleted. The
        contents of string2 are ignored, unless the -s option is
        also specified.

        When the -c option is specified with -d, all values except
        those specified by string1 shall be deleted. The contents
        of string2 shall be ignored, unless the -s option is also
        specified.

        The same string cannot be used for both the -d and the -s
        option; when both options are specified, both string1 (used
        for deletion) and string2 (used for squeezing) shall be
        required.

So, I suppose the condition has to be something like:

        if ((!dflag || !Cflag && !cflag && !sflag) && !set2ranges && !set2check)

am I right?

Regards,
Received on Wed Nov 05 2025 - 10:51:01 CET
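
The three guards discussed in this thread can be compared over every combination of -c, -C, -d and -s. This is an added example, not part of the original message or of sbase; it assumes set2 is empty (so `!set2ranges && !set2check` is already true) and that the guard is evaluated on its own, and the names `struct flags`, `mk`, `guard_*` and `count_diff` are hypothetical.

```c
#include <stdio.h>

/* Option flags, named after the variables quoted in the thread. */
struct flags { int cflag, Cflag, dflag, sflag; };

/* Hypothetical helper: build a flag set from four 0/1 values. */
static struct flags mk(int c, int C, int d, int s)
{
	struct flags f = { c, C, d, s };
	return f;
}

/*
 * Each guard returns 1 when tr would stop with "cannot map to an empty set".
 * Assumption: set2 is empty, so !set2ranges && !set2check is already true.
 */
static int guard_current(struct flags f) { return !f.sflag; }
static int guard_hiltjo(struct flags f) { return !f.dflag; }
static int guard_roberto(struct flags f)
{
	/* && binds tighter than ||, so this is the grouping C applies */
	return !f.dflag || (!f.Cflag && !f.cflag && !f.sflag);
}

typedef int (*guard_fn)(struct flags);

/* Count the flag combinations (of 16) on which two guards disagree. */
static int count_diff(guard_fn a, guard_fn b, int print)
{
	int bits, n = 0;

	for (bits = 0; bits < 16; bits++) {
		struct flags f = mk(bits & 1, bits >> 1 & 1, bits >> 2 & 1, bits >> 3 & 1);
		if (!a(f) == !b(f))
			continue;
		n++;
		if (print)
			printf("  c=%d C=%d d=%d s=%d\n", f.cflag, f.Cflag, f.dflag, f.sflag);
	}
	return n;
}

int main(void)
{
	printf("current vs Hiltjo: %d\n", count_diff(guard_current, guard_hiltjo, 1));
	printf("Hiltjo vs Roberto: %d\n", count_diff(guard_hiltjo, guard_roberto, 1));
	printf("current vs Roberto: %d\n", count_diff(guard_current, guard_roberto, 1));
	return 0;
}
```

Under these assumptions the second and third guards disagree on exactly one combination, plain -d (c=0 C=0 d=1 s=0), where the third guard reports the error and the second does not.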