Fossil

Check-in [e120c2a9]

Overview
Comment: Resolved invalid memory write in --args FILE handling when FILE contains embedded NULs, as reported in forum post 7b34eecc1b8cf5d2. Cause: mismatch between --args expansion's own line counting vs blob_line() counting. All bytes after the first embedded NUL are now effectively ignored.
SHA3-256: e120c2a9a7278cbc48be7f20110799c954770149755c7b6eee3815d2304224f5
User & Date: stephan 2021-08-05 11:55:07
Context
2021-08-05 17:06: Minor doc fix for previous commit. No code changes. ... (check-in: 04a9e74a user: stephan tags: trunk)
2021-08-05 11:55: Resolved invalid memory write in --args FILE handling when FILE contains embedded NULs, as reported in forum post 7b34eecc1b8cf5d2. Cause: mismatch between --args expansion's own line counting vs blob_line() counting. All bytes after the first embedded NUL are now effectively ignored. ... (check-in: e120c2a9 user: stephan tags: trunk)
2021-08-02 10:09: Typo fix in previous ... (check-in: e3066ede user: wyoung tags: trunk)
Changes

Changes to src/main.c.

Before (lines 471-485):
  for(k=0, nLine=1; z[k]; k++) if( z[k]=='\n' ) nLine++;
  if( nLine>100000000 ) fossil_fatal("too many command-line arguments");
  nArg = g.argc + nLine*2;
  newArgv = fossil_malloc( sizeof(char*)*nArg );
  for(j=0; j<i; j++) newArgv[j] = g.argv[j];

  blob_rewind(&file);
  while( (n = blob_line(&file, &line))>0 ){






    if( n<1 ){
      /* Reminder: corner-case: a line with 1 byte and no newline. */
      continue;
    }
    z = blob_buffer(&line);
    if('\n'==z[n-1]){
      z[n-1] = 0;







After (lines 471-491):
  for(k=0, nLine=1; z[k]; k++) if( z[k]=='\n' ) nLine++;
  if( nLine>100000000 ) fossil_fatal("too many command-line arguments");
  nArg = g.argc + nLine*2;
  newArgv = fossil_malloc( sizeof(char*)*nArg );
  for(j=0; j<i; j++) newArgv[j] = g.argv[j];

  blob_rewind(&file);
  while( nLine-->0 && (n = blob_line(&file, &line))>0 ){
    /* Reminder: ^^^ nLine check avoids that embedded NUL bytes in the
    ** --args file causes nLine to be less than blob_line() will end
    ** up reporting in that case, which leads to an memory illegal
    ** write. See forum post
    ** https://fossil-scm.org/forum/forumpost/7b34eecc1b8c for
    ** details */
    if( n<1 ){
      /* Reminder: corner-case: a line with 1 byte and no newline. */
      continue;
    }
    z = blob_buffer(&line);
    if('\n'==z[n-1]){
      z[n-1] = 0;
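
Review bot: the new `nLine-->0` guard in the `while` condition fixes the overrun by silently discarding everything after the first embedded NUL, while the root mismatch stays in place: the counting loop `for(k=0, nLine=1; z[k]; k++)` still stops at the first NUL and `blob_line()` still walks the whole blob. Consider counting newlines over the blob's full length so that `nArg` covers every line `blob_line()` can return, or calling `fossil_fatal()` when the --args file contains a NUL, so a malformed file is reported instead of partly honoured. Two smaller points: the `if( n<1 )` branch cannot be reached because the loop condition already requires `n>0`, and the new comment's "leads to an memory illegal write" should read "an illegal memory write".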