[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#22489: A bug in tail.c
From: |
Lei Wang |
Subject: |
bug#22489: A bug in tail.c |
Date: |
Fri, 29 Jan 2016 20:38:39 +0800 |
Version: GNU Coreutils 8.20-8.25
File: tail.c
Bug description:
Line 1979, parse_obsolete_option() function has three parameters: argc,
argv, n_units. We only need to focus on argc and argv, which is from the
main() function. Line 1992 filter the argc and argv. When argc==2, line
1998 p = argv[1], line 2000 *p++, then *p=argv[1][1], line 2026 while
(ISDIGIT (*p)) access p. There is one condition can lead to program
overflow, thus argc==2 and argv[1] has only one character, for example
./tail x , will access the next character after x, this maybe a bug, but
can not lead program crash.
--WangLei
- bug#22489: A bug in tail.c,
Lei Wang <=