bug#16171: ptx: heap buffer overrun, when run with two file arguments

[Pádraig Brady]

On 04/28/2014 10:01 PM, Bernhard Voelker wrote:
> On 04/28/2014 03:52 PM, Pádraig Brady wrote:
>> diff --git a/tests/misc/ptx-overrun.sh b/tests/misc/ptx-overrun.sh
> 
>> +# Trigger an invalid heap reference noticed by gcc -fsanitize=address
>> +# from coreutils-8.22 and earlier.  As well as an invalid memory reference,
>> +# the issue can be seen in the output, with invalid whitespace trimming
>> +# when multiple files are specified.
>> +printf '%s\n' 'This is a ptx whitespace Trimming test' > ws.in
>> +ptx ws.in ws.in | sort | uniq -u > out
>> +compare /dev/null out || fail=1
> 
> Isn't this a user-visible change, i.e., worth a NEWS entry?

Good point. I'll add a NEWS entry.

> BTW: I noticed that v8.21 produces a different result than v8.22:
> 
>   $ /tmp/cu/coreutils-8.21/src/ptx ws.in ws.in | sort | uniq -u
>       test                               This is a ptx whitespace Trimming
>      test                                This is a ptx whitespace Trimming
>   $ /tmp/cu/coreutils-8.22/src/ptx ws.in ws.in | sort | uniq -u
>           is a ptx whitespace Trimming   test                            This
>           is a ptx whitespace Trimming   test                           This

It's basically undefined behavior when trimming whitespace
depending on values on the heap. So if you look at the full output
it should be largely the same apart from the whitespace.

cheers,
Pádraig.