Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 17 Jun 2016 16:10:57 +0200
From:      Pietro Cerutti <gahr@FreeBSD.org>
To:        Abhinav Upadhyay <er.abhinav.upadhyay@gmail.com>
Cc:        freebsd-hackers@freebsd.org, owner-freebsd-hackers@freebsd.org
Subject:   Re: Possible bug in ul(1)
Message-ID:  <fbe48f7322000456f7ce7bfd52b08a34@gahr.ch>
In-Reply-To: <CAHwRYJ=DeqMmc9mfrOn=CS4JkHLaSU842E2GG=o_EuOQUPehUA@mail.gmail.com>
References:  <CAHwRYJ=DeqMmc9mfrOn=CS4JkHLaSU842E2GG=o_EuOQUPehUA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 2016-06-15 22:59, Abhinav Upadhyay wrote:
> Hi,
> 
> NetBSD's ul(1) had a bug, where it would dump core for certain inputs
> containing really long lines. For example, we had two man pages for
> which it would crash:
> 
> man evrpc | ul
> man xdm | ul
> 
> We had a statically allocated buffer (struct CHAR obuf[MAXBUF]) for
> representing columns in the lines of the input file, and for really
> long lines, we would try to read beyond the size of the buffer and
> crash. We've fixed it by using reallocarr(3) and friends [1].
> 
> FreeBSD also uses a statically allocated buffer, but it ensures that
> it never reads beyond the fixed size of the buffer and therefore
> doesn't crash for such bad inputs.
> 
> line 170: while ((c = getwc(f)) != WEOF && col < MAXBUF) switch(c) {
> 
> However, it stops reading the file just at the point where the number
> of columns in the line exceeds the buffer size and exits with status
> 0. I think, if it is not going to read the complete file, it should
> exit with a non-0 status, so that the user gets to know that the
> output from ul(1) is not complete? Or, probably it would be better to
> fix ul(1) so that it is able to read files with arbitrarily long
> lines. :)
> 
> PS: I'm not subscribed to the list, so please keep me CC'ed.
> 
> [1]:
> http://cvsweb.netbsd.org/bsdweb.cgi/src/usr.bin/ul/ul.c.diff?r1=1.16&r2=1.17&only_with_tag=MAIN

Bug report and patch submitted at 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210344.
Thanks!

-- 
Pietro Cerutti
gahr@FreeBSD.org

PGP Public Key:
http://gahr.ch/pgp

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?fbe48f7322000456f7ce7bfd52b08a34>