From 9342ddbd71ed67bf5ab79c1e4e79222959a366b2 Mon Sep 17 00:00:00 2001 From: Guanqiang Han Date: Tue, 7 Jul 2026 22:58:43 +0800 Subject: [PATCH] pr: guard input position update against overflow * src/pr.c (char_to_clump): Use ckd_add() and report integer overflow. * tests/pr/options.sh: Add a test case. * NEWS: Mention the bug fix. Fixes https://bugs.gnu.org/81393 --- NEWS | 4 ++++ src/pr.c | 5 ++++- tests/pr/options.sh | 11 +++++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 0e3d9bd5f9..191d2ec63c 100644 --- a/NEWS +++ b/NEWS @@ -26,6 +26,10 @@ GNU coreutils NEWS -*- outline -*- standard output is fully buffered, e.g., when redirected to a file. [bug introduced in coreutils-9.10] + 'pr' now exits gracefully upon exceeding internal accounting limits, + like when processing large tab stops. + [This bug was present in "the beginning".] + 'shred' no longer blocks when opening a FIFO that has no readers. [This bug was present in "the beginning".] diff --git a/src/pr.c b/src/pr.c index 09a1b94a8c..c3e085bcd5 100644 --- a/src/pr.c +++ b/src/pr.c @@ -2732,7 +2732,10 @@ char_to_clump (char c) else if (width < 0 && input_position <= -width) input_position = 0; else - input_position += width; + { + if (ckd_add (&input_position, input_position, width)) + integer_overflow (); + } return chars; } diff --git a/tests/pr/options.sh b/tests/pr/options.sh index feaf49f195..2324eb57e2 100755 --- a/tests/pr/options.sh +++ b/tests/pr/options.sh @@ -57,4 +57,15 @@ printf '%s\n' "pr: '-e' extra characters or $INV in the argument: '-1'" \ >exp || framework_failure_ compare exp err || fail=1 +# Ensure we exit gracefully upon internal overflow limits +# Tag as expensive as it uses little mem, but about 10s on a 2020 class machine. +if { test "$RUN_VERY_EXPENSIVE_TESTS" = yes || + test "$RUN_EXPENSIVE_TESTS" = yes; } && + test "$INT_MAX" = 2147483647; then # restrict to usual 32 bit limits + head -c1M /dev/zero | tr '\0' '\t' | + returns_ 1 pr -t -e$(($INT_MAX/(1024*1024) + 1)) 2>err >/dev/null || fail=1 + printf '%s\n' "pr: integer overflow" > exp || framework_failure_ + compare exp err || fail=1 +fi + Exit $fail -- 2.47.3