[hackers] [sbase] Fix segmentation fault in cut(1) || FRIGN

From: <git_AT_suckless.org>
Date: Tue, 24 Mar 2015 23:53:15 +0100 (CET)

commit 27996f2b86ada4de79190fb1fff49b48091ef72a
Author: FRIGN <dev_AT_frign.de>
Date: Sat Jan 24 21:25:40 2015 +0100

    Fix segmentation fault in cut(1)
    
    Be stricter while resolving escapes in the delimiter-string and
    error out when it has length 0 or contains an invalid escape.
    
    Thanks to Hiltjo Posthuma's sharp eagle eyes this bug was spotted.

diff --git a/cut.c b/cut.c
index 5515f20..cd43703 100644
--- a/cut.c
+++ b/cut.c
_AT_@ -144,7 +144,7 @@ resolveescapes(char *s, size_t len)
 {
         size_t i, off, m;
 
- for (i = 0; i < len - 1; i++) {
+ for (i = 0; i < len; i++) {
                 if (s[i] != '\\')
                         continue;
                 off = 0;
_AT_@ -158,7 +158,8 @@ resolveescapes(char *s, size_t len)
                 case 'r': s[i] = '\r'; off++; break;
                 case 't': s[i] = '\t'; off++; break;
                 case 'v': s[i] = '\v'; off++; break;
- default: continue;
+ case '\0': eprintf("cut: null escape sequence in delimiter\n");
+ default: eprintf("cut: invalid escape sequence '\\%c' in delimiter\n", s[i + 1]);
                 }
 
                 for (m = i + 1; m <= len - off; m++)
_AT_@ -191,6 +192,8 @@ main(int argc, char *argv[])
                 break;
         case 'd':
                 delim = EARGF(usage());
+ if (!*delim)
+ eprintf("cut: empty delimiter\n");
                 delimlen = resolveescapes(delim, strlen(delim));
                 break;
         case 'n':
Received on Tue Mar 24 2015 - 23:53:15 CET

This archive was generated by hypermail 2.3.0 : Wed Mar 25 2015 - 00:02:40 CET