[dev] [sbase] tr: heap-buffer-overflow

Frank Busse

Oct 23, 2025, 9:34:35 AM
to d...@suckless.org
Hi,

KLEE again:

---
$ printf '--------' | ./tr -s - ""
ERROR: AddressSanitizer: heap-buffer-overflow
$ printf '-' | ./tr -cs "" ""
ERROR: AddressSanitizer: heap-buffer-overflow
---


Best,

Frank

Markus Wichmann

Oct 23, 2025, 10:28:13 AM
to dev mail list
You going to patch these one of these days?

Ciao,
Markus

Hiltjo Posthuma

Oct 26, 2025, 7:24:46 AM
to dev mail list
Empty sets should not be allowed, unless -d is used I think.

(Briefly tested against GNU tr and OpenBSD tr).

At a glance, maybe this:

if (!sflag && !set2ranges && !set2check)
	eprintf("cannot map to an empty set.\n");

should be:

if (!dflag && !set2ranges && !set2check)
	eprintf("cannot map to an empty set.\n");


Please write a patch, it would help a lot,

--
Kind regards,
Hiltjo

Roberto E. Vargas Caballero

Nov 5, 2025, 4:51:49 AM
to dev mail list
Hi,

On Sun, Oct 26, 2025 at 12:23:51PM +0100, Hiltjo Posthuma wrote:
> At a glance, maybe this:
>
> if (!sflag && !set2ranges && !set2check)
> 	eprintf("cannot map to an empty set.\n");
>
> should be:
>
> if (!dflag && !set2ranges && !set2check)
> 	eprintf("cannot map to an empty set.\n");

I think you are right, but after reading the POSIX spec it seems like
it is a bit more complex. Quoting from the standard:

When the -d option is specified:

Input characters found in the array specified by string1
shall be deleted.

When the -C option is specified with -d, all characters
except those specified by string1 shall be deleted. The
contents of string2 are ignored, unless the -s option is
also specified.

When the -c option is specified with -d, all values except
those specified by string1 shall be deleted. The contents
of string2 shall be ignored, unless the -s option is also
specified.

The same string cannot be used for both the -d and the -s
option; when both options are specified, both string1 (used
for deletion) and string2 (used for squeezing) shall be
required.

So, I suppose the condition has to be something like:

if ((!dflag || !Cflag && !cflag && !sflag) && !set2ranges && !set2check)

am I right?

Regards,
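
The three conditions discussed in this thread, evaluated side by side on the two reported reproducers and on a few -d combinations. This is an added example, not code from sbase or from the posters; the struct, the function names and the sample cases are constructed, and it assumes an empty string2 leaves set2ranges and set2check at 0 while a non-empty one sets set2ranges.

```c
#include <stdio.h>

/* Flag state of one tr invocation; field names follow the thread.
 * Assumption: string2 "" leaves set2ranges and set2check at 0. */
struct inv {
	const char *cmd;
	int cflag, Cflag, dflag, sflag, set2ranges, set2check;
};

/* Check as first quoted in the thread (keyed on -s). */
static int rejects_sflag(const struct inv *v)
{
	return !v->sflag && !v->set2ranges && !v->set2check;
}

/* Variant keyed on -d. */
static int rejects_dflag(const struct inv *v)
{
	return !v->dflag && !v->set2ranges && !v->set2check;
}

/* Variant derived from the POSIX text. Inner parentheses are added for
 * readability only: && already binds tighter than ||. */
static int rejects_posix(const struct inv *v)
{
	return (!v->dflag || (!v->Cflag && !v->cflag && !v->sflag))
	    && !v->set2ranges && !v->set2check;
}

/* Constructed cases: the two reported reproducers, then -d combinations. */
static const struct inv cases[] = {
	{ "tr -s - \"\"",     0, 0, 0, 1, 0, 0 },
	{ "tr -cs \"\" \"\"", 1, 0, 0, 1, 0, 0 },
	{ "tr -d a \"\"",     0, 0, 1, 0, 0, 0 },
	{ "tr -cd a \"\"",    1, 0, 1, 0, 0, 0 },
	{ "tr -ds a \"\"",    0, 0, 1, 1, 0, 0 },
	{ "tr a b",           0, 0, 0, 0, 1, 0 },
};

int main(void)
{
	size_t i;

	puts("invocation        -s check  -d check  POSIX-derived");
	for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
		printf("%-17s %-9d %-9d %d\n", cases[i].cmd, rejects_sflag(&cases[i]),
		    rejects_dflag(&cases[i]), rejects_posix(&cases[i]));
	return 0;
}
```

A 1 means the invocation is refused with the "cannot map to an empty set" error; rows where the columns disagree are the ones to compare against the POSIX text quoted above.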

Roberto E. Vargas Caballero

Nov 6, 2025, 2:13:40 AM
to dev mail list
Hi,

On Thu, Oct 23, 2025 at 03:30:06PM +0200, Frank Busse wrote:
A patch already pushed to the repo should fix both issues.

Regards,
