From: Pádraig Brady <P@draigBrady.com>
Date: Wed, 15 Jan 2025 17:42:55 +0000 (+0000)
Subject: tac: avoid out of bounds access
X-Git-Tag: v9.6~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d60e550ed0ba67455a5952fe8adf27dacf47e680;p=thirdparty%2Fcoreutils.git

tac: avoid out of bounds access

This was flagged on CheriBSD on ARM Morello with the error:
"In-address space security exception (core dumped)"
triggered with: tac -s '' /dev/null

* src/tac.c (main): Ensure we don't read beyond the
end of the supplied optarg.
---

diff --git a/src/tac.c b/src/tac.c
index e4aac77fe1..f086f53451 100644
--- a/src/tac.c
+++ b/src/tac.c
@@ -553,7 +553,7 @@ main (int argc, char **argv)
   G_buffer = xmalloc (G_buffer_size);
   if (sentinel_length)
     {
-      memcpy (G_buffer, separator, sentinel_length + 1);
+      memcpy (G_buffer, separator, sentinel_length + !!*separator);
       G_buffer += sentinel_length;
     }
   else