GNU tar 1.07 steps on memory
Kian-Tat Lim
ktl at wag240.caltech.edu
Mon Jan 1 03:15:06 AEST 1990
Description:
In routine quote_copy_string in port.c, a string is malloc-ed to hold
a backslash-quoted copy of the argument. This string is insufficiently long
if the last character of the input string is unprintable or is a backslash.
The bug manifests itself as unpredictable behavior after a file with a name
containing an unprintable last character is processed when the -v flag is
used.
Repeat-By:
Under SGI Irix 3.1F, the following causes a core dump when the
subdirectory is read (since opendir() calls malloc()):
% cd tar-dist
% touch x^H
% mkdir sub
% cd ..
% gtar -cvf tar.tar tar-dist
Fix:
This patch also removes some extraneous lines from quote_copy_string.
*** tar-dist/port.c Wed Mar 29 07:24:55 1989
--- port.c Sun Dec 31 07:36:16 1989
***************
*** 864,879 ****
quote_copy_string(string)
char *string;
{
- char *ret;
char *from_here;
char *to_there = 0;
char *copy_buf = 0;
int c;
int copying = 0;
- void *alloca();
- ret=string;
-
from_here=string;
while(*from_here) {
c= *from_here++;
--- 864,875 ----
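Review bot: The removal of ret, the alloca() declaration and the ret=string assignment at the top of quote_copy_string is cleanup unrelated to the allocation fix, and would be easier to apply or revert as a separate change. Only the first lines of the function are visible in this hunk, so confirm that nothing later in the function still reads ret or calls alloca() before dropping them.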
***************
*** 883,889 ****
n=(from_here-string)-1;
copying++;
! copy_buf=(char *)malloc(n+1+strlen(from_here)*4);
bcopy(string,copy_buf,n);
to_there=copy_buf+n;
}
--- 879,885 ----
n=(from_here-string)-1;
copying++;
! copy_buf=(char *)malloc(n+3+strlen(from_here)*4);
bcopy(string,copy_buf,n);
to_there=copy_buf+n;
}
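Review bot: The new constant in malloc(n+3+strlen(from_here)*4) looks too small for the worst case that the same expression assumes. from_here has already been advanced past the current character (c= *from_here++, then n=(from_here-string)-1), so the *4 term only covers the characters after it, and n+3 leaves two bytes for the current character plus the terminator. If the current character can expand to four bytes, as the *4 multiplier implies for the rest of the string, the request needs to be n+5. A short comment spelling out the budget (prefix, current character, terminator) would document the constant.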
***************
*** 898,904 ****
n=(from_here-string)-1;
copying++;
! copy_buf=(char *)malloc(n+1+strlen(from_here)*4);
bcopy(string,copy_buf,n);
to_there=copy_buf+n;
}
--- 894,900 ----
n=(from_here-string)-1;
copying++;
! copy_buf=(char *)malloc(n+3+strlen(from_here)*4);
bcopy(string,copy_buf,n);
to_there=copy_buf+n;
}
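Review bot: The malloc() result is passed straight to bcopy() on the following line with no NULL check, here and in the identical block of the previous hunk; bail out of the function when the allocation fails. Both sites compute the same size expression, so consider moving it into one macro or helper so the constant cannot drift between them.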
--
Kian-Tat Lim (ktl at wagvax.caltech.edu, KTL @ CITCHEM.BITNET, GEnie: K.LIM1)
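
The sizing problem described in the report, as an added example (not code from GNU tar or from the original post). It assumes a quoting scheme in which a backslash is doubled and every other unprintable byte becomes a four-byte octal escape; the names quoted_width, quoted_size, old_budget and quote_copy are hypothetical. old_budget reproduces the unpatched size expression, and quote_copy sizes its buffer from the exact requirement instead.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Assumed quoting scheme: '\' -> 2 bytes, printable -> 1, other -> "\ooo" (4). */
static size_t quoted_width(unsigned char c)
{
    return c == '\\' ? 2 : isprint(c) ? 1 : 4;
}

/* Exact size of the quoted copy, terminating NUL included. */
size_t quoted_size(const char *s)
{
    size_t need = 1;
    for (; *s; s++)
        need += quoted_width((unsigned char)*s);
    return need;
}

/* Unpatched budget when s[i] is the first byte needing a quote: n = i, from_here = s+i+1. */
size_t old_budget(const char *s, size_t i)
{
    return i + 1 + strlen(s + i + 1) * 4;
}

/* Quoted copy in an exactly sized buffer; NULL if malloc fails. */
char *quote_copy(const char *s)
{
    char *buf = malloc(quoted_size(s)), *p = buf;
    if (!buf)
        return NULL;
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (quoted_width(c) > 1)
            *p++ = '\\';                 /* every quoted byte starts with '\' */
        if (quoted_width(c) < 4)
            *p++ = (char)c;              /* printable byte, or the doubled '\' */
        else
            p += sprintf(p, "%03o", (unsigned)c);   /* three octal digits */
    }
    *p = '\0';
    return buf;
}

int main(void)
{
    /* constructed sample: the report's file name x^H */
    printf("x^H: old budget %zu, needed %zu\n", old_budget("x\b", 1), quoted_size("x\b"));
    return 0;
}
```

When the byte that needs quoting is followed by enough other characters, the 4x term over-allocates and hides the shortfall, which is why the failure only shows up for a trailing unprintable or backslash.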