Hi Jim,

  We found a crash bug in paste, due to an unbounded buffer overflow.
The bug is similar to the ptx bug that we reported earlier, and is due
to a lone backslash following the -d flag.
  Here is an input that crashes libc on my machine: 

$ paste -d\\ aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
*** glibc detected *** paste: free(): invalid next size (normal):
0x09035888 ***

  The problem seems to be in collapse_escapes(), which, when given a lone
backslash, incorrectly advances 'strptr' past the end of the string and
continues copying from there, overflowing the 'delims' buffer.
  
  As usual, we appreciate your confirmation of the bug.

  Cristian




_______________________________________________
Bug-coreutils mailing list
Bug-coreutils@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-coreutils
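
Added example, not part of the original message and not coreutils code: a C illustration of the failure described in the report, next to a checked alternative. The function names, the assumed loop shape, the escapes handled (\n, \t, literal fallback) and the choice to reject a trailing backslash are all assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Index model of the reported pattern (assumed loop shape, safe to run):
   returns where the read position ends up. A result greater than
   strlen(s) means the loop stepped over the terminating NUL. */
static size_t unchecked_next_index(const char *s)
{
    size_t len = strlen(s), i = 0;
    while (i < len) {
        if (s[i] == '\\')
            i++;        /* move to the escaped byte, even if that is the NUL */
        i++;            /* consume it */
    }
    return i;
}

/* Checked version (hypothetical helper): returns bytes written to out, or
   -1 when the list ends in a lone backslash or out is too small. */
static long collapse_delims(const char *in, char *out, size_t outcap)
{
    size_t n = 0;
    while (*in != '\0') {
        char c = *in++;
        if (c == '\\') {
            if (*in == '\0')
                return -1;      /* nothing follows the backslash: reject */
            c = *in++;
            if (c == 'n') c = '\n';
            else if (c == 't') c = '\t';
            /* any other byte, including '\\', is taken literally */
        }
        if (n >= outcap)
            return -1;          /* never write past the output buffer */
        out[n++] = c;
    }
    return (long)n;
}

static char demo_out[16];       /* constructed output buffer for the demo */

int main(void)
{
    const char *samples[] = { "\\", "\\\\", "a\\tb" };  /* constructed inputs */
    for (size_t k = 0; k < 3; k++)
        printf("len=%zu unchecked_index=%zu checked=%ld\n", strlen(samples[k]),
               unchecked_next_index(samples[k]),
               collapse_delims(samples[k], demo_out, sizeof demo_out));
    return 0;
}
```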
