From: Pádraig Brady <P@draigBrady.com>
Date: Thu, 24 Nov 2016 15:56:01 +0000 (+0000)
Subject: ptx: fix an invalid heap reference with short --width
X-Git-Tag: v8.26~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ca99c524e828cc1a1cfeff3cdfc5349f87143829;p=thirdparty%2Fcoreutils.git

ptx: fix an invalid heap reference with short --width

* src/ptx.c (fix_output_parameters): Ensure line_width doesn't
go negative, which can happen when the --width is less
than the --gap-size.
* tests/misc/ptx-overrun.sh: Add a test case that triggers
with ASAN.  (Note the longer filename is needed to trigger).
Fixes http://bugs.gnu.org/25011
---

diff --git a/src/ptx.c b/src/ptx.c
index c3b60dfa5b..d1896789b0 100644
--- a/src/ptx.c
+++ b/src/ptx.c
@@ -1235,6 +1235,8 @@ fix_output_parameters (void)
 
   if ((auto_reference || input_reference) && !right_reference)
     line_width -= reference_max_width + gap_size;
+  if (line_width < 0)
+    line_width = 0;
 
   /* The output lines, minimally, will contain from left to right a left
      context, a gap, and a keyword followed by the right context with no
diff --git a/tests/misc/ptx-overrun.sh b/tests/misc/ptx-overrun.sh
index a4f2e382e1..3b46812644 100755
--- a/tests/misc/ptx-overrun.sh
+++ b/tests/misc/ptx-overrun.sh
@@ -41,4 +41,9 @@ ptx ws.in ws.in | sort | uniq -u > out
 compare /dev/null out || fail=1
 
 
+# Trigger an invalid heap reference noticed by gcc -fsanitize=address
+# from coreutils-8.25 and earlier.
+echo a > a
+ptx -w1 -A $PWD/a >/dev/null || fail=1
+
 Exit $fail