From 27996f2b86ada4de79190fb1fff49b48091ef72a Mon Sep 17 00:00:00 2001 From: FRIGN Date: Sat, 24 Jan 2015 21:25:40 +0100 Subject: [PATCH] Fix segmentation fault in cut(1) Be stricter while resolving escapes in the delimiter-string and error out when it has length 0 or contains an invalid escape. Thanks to Hiltjo Posthuma's sharp eagle eyes this bug was spotted. --- cut.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/cut.c b/cut.c index 5515f20..cd43703 100644 --- a/cut.c +++ b/cut.c @@ -144,7 +144,7 @@ resolveescapes(char *s, size_t len) { size_t i, off, m; - for (i = 0; i < len - 1; i++) { + for (i = 0; i < len; i++) { if (s[i] != '\\') continue; off = 0; @@ -158,7 +158,8 @@ resolveescapes(char *s, size_t len) case 'r': s[i] = '\r'; off++; break; case 't': s[i] = '\t'; off++; break; case 'v': s[i] = '\v'; off++; break; - default: continue; + case '\0': eprintf("cut: null escape sequence in delimiter\n"); + default: eprintf("cut: invalid escape sequence '\\%c' in delimiter\n", s[i + 1]); } for (m = i + 1; m <= len - off; m++) @@ -191,6 +192,8 @@ main(int argc, char *argv[]) break; case 'd': delim = EARGF(usage()); + if (!*delim) + eprintf("cut: empty delimiter\n"); delimlen = resolveescapes(delim, strlen(delim)); break; case 'n':