From owner-freebsd-bugs@FreeBSD.ORG Sat Sep 3 18:10:11 2005 Return-Path: X-Original-To: freebsd-bugs@hub.freebsd.org Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6EBDB16A41F for ; Sat, 3 Sep 2005 18:10:11 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id E4E1843D48 for ; Sat, 3 Sep 2005 18:10:10 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j83IAAS9067069 for ; Sat, 3 Sep 2005 18:10:10 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j83IAAsa067068; Sat, 3 Sep 2005 18:10:10 GMT (envelope-from gnats) Resent-Date: Sat, 3 Sep 2005 18:10:10 GMT Resent-Message-Id: <200509031810.j83IAAsa067068@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Rici Lake Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7D43816A41F for ; Sat, 3 Sep 2005 18:03:07 +0000 (GMT) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [216.136.204.117]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4CC6B43D45 for ; Sat, 3 Sep 2005 18:03:07 +0000 (GMT) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.13.1/8.13.1) with ESMTP id j83I37ne030640 for ; Sat, 3 Sep 2005 18:03:07 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.13.1/8.13.1/Submit) id j83I36VM030639; Sat, 3 Sep 2005 18:03:06 GMT (envelope-from nobody) Message-Id: <200509031803.j83I36VM030639@www.freebsd.org> Date: Sat, 3 Sep 2005 18:03:06 GMT From: Rici Lake To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-2.3 Cc: Subject: misc/85696: xargs -E doesn't work X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Sep 2005 18:10:11 -0000 >Number: 85696 >Category: misc >Synopsis: xargs -E doesn't work >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Sep 03 18:10:10 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Rici Lake >Release: 5.2; 4.10 >Organization: Oxfam >Environment: >Description: The -E argument to xargs does not work unless MALLOC_OPTIONS have been set to zero memory. >How-To-Repeat: This should echo "one"): echo $'one\ntwo\nthree' | xargs -E two echo It works with MALLOC_OPTIONS=Z and fails with MALLOC_OPTIONS=J -bash-2.05b$ echo $'one\ntwo\nthree' | MALLOC_OPTIONS=J xargs -E two echo one two three -bash-2.05b$ echo $'one\ntwo\nthree' | MALLOC_OPTIONS=Z xargs -E two echo one >Fix: Lines 293-298 of xargs.c (revision 1.55.2.1) The test at line 295 is testing the buffer currently being constructed with the -E option argument (eofstr). Since the buffer has not been NUL-terminated, this will only produce the correct answer by accident (indeed, it could run off and read unallocated memory if the -E string were long enough) *p should zapped before the compare is done, rather than at line 299. (Although I haven't traced through the execution path in full; I assume zapping *p at this point does no harm, but a full analysis is necessary.) 293: arg2: 294: foundeof = *eofstr != '\0' && 295: strcmp(argp, eofstr) == 0; 296: 297: /* Do not make empty args unless they are quoted */ 298: if ((argp != p || wasquoted) && !foundeof) { 299: *p++ = '\0'; >Release-Note: >Audit-Trail: >Unformatted: