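--- a/NEWS
+++ b/NEWS
@@ -21,6 +21,10 @@ GNU coreutils NEWS -*- outline -*-
 character platforms with a 0xA0 (aka  ) grouping character.
 [bug introduced in coreutils-9.1]
+ split --line-bytes with a mixture of very long and short lines
+ no longer overwrites the heap (CVE-2024-0684).
+ [bug introduced in coreutils-9.2]
+
 tail no longer mishandles input from files in /proc and /sys file systems,
 on systems with a page size larger than the stdio BUFSIZ.
 [This bug was present in "the beginning".]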
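--- a/tests/split/line-bytes.sh
+++ b/tests/split/line-bytes.sh
@@ -84,4 +84,16 @@ for b in $(seq 10); do
 compare no_eol_splits_exp no_eol_splits || fail=1
 done
+# Test hold buffer management with --lines-bytes.
+# The following triggers (with ASAN) a heap overflow issue
+# between coreutils 9.2 and 9.4 inclusive.
+printf '%131070s\n' '' >expaa || framework_failure_
+printf 'x\n' >expab || framework_failure_
+printf '%131071s\n' '' >expac || framework_failure_
+cat expaa expab expac >bigin || framework_failure_
+split -C 131072 ---io=131072 bigin || fail=1
+compare expaa xaa || fail=1
+compare expab xab || fail=1
+compare expac xac || fail=1
+
 Exit $fail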
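Review bot: The first comment line of the added block names the option `--lines-bytes`, but the option under test is `--line-bytes` (`-C`), as the NEWS entry in this commit spells it; it should read `# Test hold buffer management with --line-bytes (CVE-2024-0684).` so that a search for the option or the CVE finds this regression test. The `---io=131072` argument on the `split` line looks like a typo to a reader who does not know it; it appears to be split's undocumented test-only I/O block size option, and a short comment such as `# ---io (three dashes) sets the I/O block size; not a typo` would keep someone from "correcting" it and silently disabling the trigger. The comment also says the overflow is triggered with ASAN, so on an unsanitized build of an affected version the three `compare` checks may still pass; it would help to state that the test is only a reliable detector in a sanitizer build.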