I can confirm the bug:

There is a blatant stack overflow in the Ubuntu 17.10 sources
(findutils-4.6.0+git+20170729):
file "find/print.c", function "static char* format_date", line 614 and following

char fmt[6];
/* a few lines later */
strcpy(fmt, "%Y-%m-%d+%T");

that string is longer than 5 characters
that call should be strncpy anyway

the non-crashing versions (previous Ubuntu, also official GNU sources
4.6.0) instead have

strcpy (fmt, "%F+%T");

which does fit exactly into a six byte buffer

The obvious fix is to increase the size of fmt to hold the longer string

there is a comment in the new sources, explaining the motivation

      /* Avoid %F, some Unix versions lack it.  For example:
         HP Tru64 UNIX V5.1B (Rev. 2650); Wed Feb 17 22:59:59 CST 2016
         Also, some older HP-UX versions expand %F as the full month (like %B).
         Reported by Steven M. Schweda <s...@antinode.info> */


** Bug watch added: Debian Bug tracker #873032
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873032

** Bug watch added: GNU Savannah Bug Tracker #51841
   http://savannah.gnu.org/bugs/?51841

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1730696

Title:
  *** buffer overflow detected ***: find terminated

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
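
Added example, not part of the original report or of the findutils sources: it measures the two format strings quoted above against a six-byte buffer, sizes the buffer from the literal with a compile-time check, and copies through a helper that reports a string that does not fit. The names `copy_fmt`, `fmt_bytes_needed` and `format_example` are hypothetical, and the timestamp is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* The two format strings quoted in the report above. */
#define FMT_SHORT "%F+%T"        /* 5 characters + NUL = 6 bytes   */
#define FMT_LONG  "%Y-%m-%d+%T"  /* 11 characters + NUL = 12 bytes */

/* Size the buffer from the literal itself, and let the compiler reject a
   build in which either string would no longer fit. */
#define FMT_BUF_SIZE sizeof(FMT_LONG)
_Static_assert(sizeof(FMT_SHORT) <= FMT_BUF_SIZE, "short format must fit");
_Static_assert(sizeof(FMT_LONG) > 6, "long format needs more than char[6]");

/* Bytes a destination needs to hold s, terminator included. */
size_t fmt_bytes_needed(const char *s) { return strlen(s) + 1; }

/* Hypothetical helper: copy src only if it fits completely; on failure leave
   an empty string in dst and return -1 (no overflow, no silent truncation). */
int copy_fmt(char *dst, size_t dstsize, const char *src)
{
    size_t need = fmt_bytes_needed(src);
    if (dstsize == 0) return -1;
    if (need > dstsize) { dst[0] = '\0'; return -1; }
    memcpy(dst, src, need);
    return 0;
}

/* Format a constructed timestamp (2017-07-29 12:34:56) with the long format. */
int format_example(char *out, size_t outsize)
{
    char fmt[FMT_BUF_SIZE];
    struct tm tm = {0};
    tm.tm_year = 117; tm.tm_mon = 6; tm.tm_mday = 29;
    tm.tm_hour = 12;  tm.tm_min = 34; tm.tm_sec = 56;
    if (copy_fmt(fmt, sizeof fmt, FMT_LONG) != 0) return -1;
    return strftime(out, outsize, fmt, &tm) > 0 ? 0 : -1;
}

int main(void)
{
    char six[6], out[32];
    printf("%s needs %zu bytes, %s needs %zu bytes\n", FMT_SHORT,
           fmt_bytes_needed(FMT_SHORT), FMT_LONG, fmt_bytes_needed(FMT_LONG));
    printf("short into char[6]: %d\n", copy_fmt(six, sizeof six, FMT_SHORT));
    printf("long  into char[6]: %d\n", copy_fmt(six, sizeof six, FMT_LONG));
    if (format_example(out, sizeof out) == 0) printf("formatted: %s\n", out);
    return 0;
}
```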
