From 6e93ae8414bb705203f6cd7ee51d11e8b7e0e9c9 Mon Sep 17 00:00:00 2001
From: Sami Kerola
Date: Tue, 4 Aug 2015 21:36:05 +0100
Subject: [PATCH 1/6] tools: stop checkmans.sh validating libtool builds The checkmans.sh tried to validate shared libraries, such as ./.libs/libsmartcols.so.1, causing the check output to a have lot of pointless garbage.
Signed-off-by: Sami Kerola
---
 tools/checkmans.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/checkmans.sh b/tools/checkmans.sh
index 618f8ba88..9a137780c 100755
--- a/tools/checkmans.sh
+++ b/tools/checkmans.sh
@@ -70,7 +70,7 @@ remove_repeats()
 cd $(git rev-parse --show-toplevel)
 for I in $(
- find -path './autom4te.cache' -prune -o -name '*[[:alpha:]].[1-8]' -print
+ find -path './autom4te.cache' -prune -o -path './.libs' -prune -o -name '*[[:alpha:]].[1-8]' -print
 ); do
 MAN_FILE=${I##*/}
 MAN_LIST[${MAN_FILE%%.[0-9]}]=1
From ee24ab6f1e7d50e19d98ccb1850e8ec1364a7334 Mon Sep 17 00:00:00 2001
From: Sami Kerola
Date: Tue, 4 Aug 2015 22:46:26 +0100
Subject: [PATCH 2/6] misc: fix redundant assignment and reassignments before use [cppcheck]
Signed-off-by: Sami Kerola
---
 lib/procutils.c | 2 +-
 sys-utils/blkdiscard.c | 2 +-
 sys-utils/fstrim.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/procutils.c b/lib/procutils.c
index 00b977c5a..48ee7cf06 100644
--- a/lib/procutils.c
+++ b/lib/procutils.c
@@ -103,7 +103,7 @@ char *proc_get_command(pid_t pid)
 char buf[BUFSIZ], *res = NULL;
 ssize_t sz = 0;
 size_t i;
- int fd = -1;
+ int fd;
 snprintf(buf, sizeof(buf), "/proc/%d/cmdline", (int) pid);
 fd = open(buf, O_RDONLY);
diff --git a/sys-utils/blkdiscard.c b/sys-utils/blkdiscard.c
index 3ee0b5d07..150689a62 100644
--- a/sys-utils/blkdiscard.c
+++ b/sys-utils/blkdiscard.c
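Review bot: In the tools/checkmans.sh hunk, `-path './.libs' -prune` skips only the top-level `.libs` directory, so libtool output under a nested `.libs` (if any library or module is ever built from a subdirectory) would still match the `'*[[:alpha:]].[1-8]'` pattern and reach the man-page checks. Pruning by name covers every depth: `-name .libs -prune -o`. The `for I in $( … )` loop continues outside the hunk.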
@@ -185,7 +185,7 @@ int main(int argc, char **argv)
 stats[0] = range[0], stats[1] = 0;
 gettime_monotonic(&last);
- for (range[0] = range[0]; range[0] < end; range[0] += range[1]) {
+ for (/* nothing */; range[0] < end; range[0] += range[1]) {
 if (range[0] + range[1] > end)
 range[1] = end - range[0];
diff --git a/sys-utils/fstrim.c b/sys-utils/fstrim.c
index c91141e27..6bbf1c99f 100644
--- a/sys-utils/fstrim.c
+++ b/sys-utils/fstrim.c
@@ -60,7 +60,7 @@ struct fstrim_range {
 static int fstrim_filesystem(const char *path, struct fstrim_range *rangetpl, int verbose)
 {
- int fd = -1, rc;
+ int fd, rc;
 struct stat sb;
 struct fstrim_range range;
From 3a41cdd7b5e1c8512553dfce27ca364f6a68a4f9 Mon Sep 17 00:00:00 2001
From: Sami Kerola
Date: Sun, 9 Aug 2015 17:50:41 +0100
Subject: [PATCH 3/6] colcrt: use #define in place of magic constants
Signed-off-by: Sami Kerola
---
 text-utils/colcrt.c | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/text-utils/colcrt.c b/text-utils/colcrt.c
index 567e7b5cf..cf630c404 100644
--- a/text-utils/colcrt.c
+++ b/text-utils/colcrt.c
@@ -68,7 +68,10 @@ static void __attribute__ ((__noreturn__)) usage(FILE * out);
 * Option -2 forces printing of all half lines.
 */
-wchar_t page[267][132];
+#define FLUSH_SIZE 62
+#define PAGE_ARRAY_ROWS 267
+#define PAGE_ARRAY_COLS 132
+wchar_t page[PAGE_ARRAY_ROWS][PAGE_ARRAY_COLS];
 int outline = 1;
 int outcol;
@@ -158,8 +161,8 @@ void colcrt(FILE *f) {
 }
 switch (c) {
 case '\n':
- if (outline >= 265)
- pflush(62);
+ if (outline >= (PAGE_ARRAY_ROWS - 2))
+ pflush(FLUSH_SIZE);
 outline += 2;
 outcol = 0;
 continue;
@@ -170,8 +173,8 @@ void colcrt(FILE *f) {
 c = getwc(f);
 switch (c) {
 case '9':
- if (outline >= 266)
- pflush(62);
+ if (outline >= (PAGE_ARRAY_ROWS - 1))
+ pflush(FLUSH_SIZE);
 outline++;
 continue;
 case '8':
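Review bot: In the sys-utils/blkdiscard.c hunk, the clamp `if (range[0] + range[1] > end)` inside the rewritten loop can wrap when the two values are unsigned 64-bit quantities (their declarations are outside the hunk, so this is inferred). If it wraps, the sum compares small and the final request is not trimmed to `end`. The loop condition already guarantees `range[0] < end`, so the same test can be written without the addition: `if (range[1] > end - range[0])`. main() continues outside the hunk.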
@@ -198,7 +201,7 @@ void colcrt(FILE *f) {
 /* fallthrough */
 default:
 w = wcwidth(c);
- if (outcol + w > 132) {
+ if (outcol + w > PAGE_ARRAY_COLS) {
 outcol++;
 continue;
 }
@@ -207,7 +210,7 @@ void colcrt(FILE *f) {
 if (c == '_') {
 if (suppresul)
 continue;
- cp += 132;
+ cp += PAGE_ARRAY_COLS;
 c = '-';
 }
 if (*cp == 0) {
@@ -250,8 +253,8 @@ void pflush(int ol)
 l = ol;
 lastomit = 0;
- if (l > 266)
- l = 266;
+ if (l > (PAGE_ARRAY_ROWS - 1))
+ l = PAGE_ARRAY_ROWS - 1;
 else
 l |= 1;
 for (i = first | 1; i < l; i++) {
@@ -274,8 +277,8 @@ void pflush(int ol)
 }
 putwchar('\n');
 }
- memmove(page, page[ol], (267 - ol) * 132 * sizeof(wchar_t));
- memset(page[267 - ol], '\0', ol * 132 * sizeof(wchar_t));
+ memmove(page, page[ol], (PAGE_ARRAY_ROWS - ol) * PAGE_ARRAY_COLS * sizeof(wchar_t));
+ memset(page[PAGE_ARRAY_ROWS - ol], '\0', ol * PAGE_ARRAY_COLS * sizeof(wchar_t));
 outline -= ol;
 outcol = 0;
 first = 1;
From d883d64d96ab9bef510745d064a351145b9babec Mon Sep 17 00:00:00 2001
From: Sami Kerola
Date: Sun, 9 Aug 2015 18:16:34 +0100
Subject: [PATCH 4/6] colcrt: avoid writing beyond array bound [afl & asan] text-utils/colcrt.c:205:10: runtime error: index -1 out of bounds for type 'wchar_t [133]' SUMMARY: AddressSanitizer: undefined-behavior text-utils/colcrt.c:205 ================================================================= ==2357==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000013811b0 at pc 0x0000004e2514 bp 0x7ffdf6ba4450 sp 0x7ffdf6ba4448 READ of size 4 at 0x0000013811b0 thread T0 #0 0x4e2513 in colcrt /home/src/util-linux/text-utils/colcrt.c:213:8 #1 0x4e17d4 in main /home/src/util-linux/text-utils/colcrt.c:139:3 #2 0x7fb77236960f in __libc_start_main (/usr/lib/libc.so.6+0x2060f) #3 0x4362c8 in _start (/home/src/util-linux/colcrt+0x4362c8)
Reported-by: Alaa Mubaied
Signed-off-by: Sami Kerola
---
 text-utils/colcrt.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/text-utils/colcrt.c b/text-utils/colcrt.c
index cf630c404..3cf25cbbe 100644
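Review bot: In the last pflush() hunk of patch 3/6, `ol` reaches memmove() and memset() unchecked, although its copy `l` is clamped to `PAGE_ARRAY_ROWS - 1` in the hunk before it. `(PAGE_ARRAY_ROWS - ol)` is int arithmetic that is then multiplied by `sizeof(wchar_t)`, so a negative result becomes a very large length, and an `ol` above the row count also makes `page[ol]` point past the array. The only callers visible here pass FLUSH_SIZE; if any caller outside these hunks passes a value derived from `outline`, a guard before the shift would make the bound explicit, for example `if (ol < 0 || ol > PAGE_ARRAY_ROWS) ol = PAGE_ARRAY_ROWS;`. pflush() starts and ends outside the hunk.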
--- a/text-utils/colcrt.c
+++ b/text-utils/colcrt.c
@@ -201,6 +201,8 @@ void colcrt(FILE *f) {
 /* fallthrough */
 default:
 w = wcwidth(c);
+ if (w < 0)
+ continue;
 if (outcol + w > PAGE_ARRAY_COLS) {
 outcol++;
 continue;
From 70e3fcf293c1827a2655a86584ab13075124a8a8 Mon Sep 17 00:00:00 2001
From: Sami Kerola
Date: Sun, 9 Aug 2015 18:02:18 +0100
Subject: [PATCH 5/6] colcrt: allocate enough space for data moves [afl & asan] ==2807==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000013a31f0 at pc 0x0000004e3047 bp 0x7fffcb7df8d0 sp 0x7fffcb7df8c8 READ of size 4 at 0x0000013a31f0 thread T0 #0 0x4e3046 in move /home/src/util-linux/text-utils/colcrt.c:309:13 #1 0x4e25b1 in pflush /home/src/util-linux/text-utils/colcrt.c:264:3 #2 0x4e246d in colcrt /home/src/util-linux/text-utils/colcrt.c:157:4 #3 0x4e17d4 in main /home/src/util-linux/text-utils/colcrt.c:141:3 #4 0x7fb0cb2ee60f in __libc_start_main (/usr/lib/libc.so.6+0x2060f) #5 0x4362c8 in _start (/home/src/util-linux/colcrt+0x4362c8) 0x0000013a31f0 is located 0 bytes to the right of global variable 'page' defined in 'text-utils/colcrt.c:73:9' (0x1380b40) of size 140976 SUMMARY: AddressSanitizer: global-buffer-overflow /home/src/util-linux/text-utils/colcrt.c:309 move And another crash: ==4578==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000013a3d24 at pc 0x0000004e2510 bp 0x7ffc9257b0e0 sp 0x7ffc9257b0d8 READ of size 4 at 0x0000013a3d24 thread T0 #0 0x4e250f in colcrt /home/src/util-linux/text-utils/colcrt.c:218:8 #1 0x4e17d4 in main /home/src/util-linux/text-utils/colcrt.c:141:3 #2 0x7fe0ac94160f in __libc_start_main (/usr/lib/libc.so.6+0x2060f) #3 0x4362c8 in _start (/home/src/util-linux/colcrt+0x4362c8) 0x0000013a3d24 is located 8 bytes to the right of global variable 'page' defined in 'text-utils/colcrt.c:73:9' (0x1381240) of size 142044 SUMMARY: AddressSanitizer: global-buffer-overflow /home/src/util-linux/text-utils/colcrt.c:218 colcrt
Reported-by: Alaa Mubaied
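Review bot: A zero width still passes both checks in the patch 4/6 hunk once `outcol` has reached PAGE_ARRAY_COLS, because `outcol + 0 > PAGE_ARRAY_COLS` is false. `outcol` can get there, either after a character is stored in the last column or through the `outcol++` in the overflow branch. The row indexing itself is outside the hunk; if it uses `outcol` as the column, which the sanitizer line for colcrt.c:205 in the commit message suggests, that access lands one element past the row. Testing the column on its own closes the gap: `if (outcol >= PAGE_ARRAY_COLS || outcol + w > PAGE_ARRAY_COLS) {`. A one-line comment on the new guard noting that wcwidth() returns -1 for non-printable characters, which are dropped, would also help.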
Signed-off-by: Sami Kerola
---
 text-utils/colcrt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/text-utils/colcrt.c b/text-utils/colcrt.c
index 3cf25cbbe..be7f84795 100644
--- a/text-utils/colcrt.c
+++ b/text-utils/colcrt.c
@@ -71,7 +71,7 @@ static void __attribute__ ((__noreturn__)) usage(FILE * out);
 #define FLUSH_SIZE 62
 #define PAGE_ARRAY_ROWS 267
 #define PAGE_ARRAY_COLS 132
-wchar_t page[PAGE_ARRAY_ROWS][PAGE_ARRAY_COLS];
+wchar_t page[PAGE_ARRAY_ROWS + 1][PAGE_ARRAY_COLS + 1];
 int outline = 1;
 int outcol;
From cdf6406ddea76c7d8c4a8ed9d827f622bb919341 Mon Sep 17 00:00:00 2001
From: Sami Kerola
Date: Mon, 10 Aug 2015 22:12:03 +0100
Subject: [PATCH 6/6] tests: add colcrt regression tests Thanks to Alaa Mubaied for providing crash1 input file making colcrt to crash. The crash2 was generated using American Fuzzy Lop.
Signed-off-by: Sami Kerola
---
 tests/commands.sh | 1 +
 tests/expected/colcrt/regressions-crash1 | 1 +
 tests/expected/colcrt/regressions-crash2 | 386 +++++++++++++++++++++++
 tests/ts/colcrt/crash1 | Bin 0 -> 314 bytes
 tests/ts/colcrt/crash2 | Bin 0 -> 776 bytes
 tests/ts/colcrt/regressions | 34 ++
 6 files changed, 422 insertions(+)
 create mode 100644 tests/expected/colcrt/regressions-crash1
 create mode 100644 tests/expected/colcrt/regressions-crash2
 create mode 100644 tests/ts/colcrt/crash1
 create mode 100644 tests/ts/colcrt/crash2
 create mode 100755 tests/ts/colcrt/regressions
diff --git a/tests/commands.sh b/tests/commands.sh
index bb985c7e4..737918f4b 100644
--- a/tests/commands.sh
+++ b/tests/commands.sh
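Review bot: Padding `page` to `[PAGE_ARRAY_ROWS + 1][PAGE_ARRAY_COLS + 1]` in the patch 5/6 hunk changes the row stride to PAGE_ARRAY_COLS + 1, but the arithmetic introduced in patch 3/6 still steps by PAGE_ARRAY_COLS. After this change `cp += PAGE_ARRAY_COLS` in colcrt() no longer lands on the same column of the next row, and the memmove()/memset() pair in pflush() shifts and clears fewer elements than the rows it covers, leaving stale cells near the end of the buffer. Those lines are outside this hunk, so later patches may already adjust them. Taking the stride from the array keeps them in step with the declaration, e.g. `memmove(page, page[ol], (PAGE_ARRAY_ROWS - ol) * sizeof(page[0]));` and `cp += sizeof(page[0]) / sizeof(page[0][0]);`. A comment on the declaration saying which accesses the extra row and column absorb would also help, since the padding hides the out-of-range index rather than rejecting it.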
@@ -37,6 +37,7 @@ TS_CMD_DELPART=${TS_CMD_DELPART:-"$top_builddir/delpart"} TS_CMD_BLKDISCARD=${TS_CMD_BLKID-"$top_builddir/blkdiscard"} TS_CMD_BLKID=${TS_CMD_BLKID-"$top_builddir/blkid"} TS_CMD_CAL=${TS_CMD_CAL-"$top_builddir/cal"} +TS_CMD_COLCRT=${TS_CMD_COLCRT:-"$top_builddir/colcrt"} TS_CMD_COLRM=${TS_CMD_COLRM:-"$top_builddir/colrm"} TS_CMD_COL=${TS_CMD_COL:-"$top_builddir/col"} TS_CMD_COLUMN=${TS_CMD_COLUMN:-"$top_builddir/column"} diff --git a/tests/expected/colcrt/regressions-crash1 b/tests/expected/colcrt/regressions-crash1 new file mode 100644 index 000000000..a221b56c3 --- /dev/null +++ b/tests/expected/colcrt/regressions-crash1 @@ -0,0 +1 @@ +return value: 0 diff --git a/tests/expected/colcrt/regressions-crash2 b/tests/expected/colcrt/regressions-crash2 new file mode 100644 index 000000000..a4472fa29 --- /dev/null +++ b/tests/expected/colcrt/regressions-crash2 @@ -0,0 +1,386 @@ + + +FGHIKIJKN\| + +MN9| +XYZRnT RnTUV| NXP:w| + +MN + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +'QRnTUVWXYZQRnTU| + +MN9| +| + +return value: 0 
diff --git a/tests/ts/colcrt/crash1 b/tests/ts/colcrt/crash1 new file mode 100644 index 0000000000000000000000000000000000000000..668118134ef6a76439c0741e0f4cfa8514da02b9 GIT binary patch literal 314 zcmazS#|{_-u#1x?8cv=zB6RT+p$1(Es-E~z>v$jlkuLG^X$S^T5G(+s?c(DV6yhDi P $TS_OUTPUT 2>&1 + echo "return value: $?" >> $TS_OUTPUT + ts_finalize_subtest +} + +check_input_file "$TS_SELF/crash1" +check_input_file "$TS_SELF/crash2" + +ts_finalize