From: Mike Frysinger Date: Sat, 26 Dec 2009 19:56:54 +0000 (-0500) Subject: pg: command enters infinite loop X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=45b1087e74075b815e66edf225e0b8bc46a855fb;p=util-linux pg: command enters infinite loop In a multibyte locale such as en_GB.UTF-8, the pg command cannot handle files containing a form feed character (ASCII 0x0c) at the start of a line. The program enters an infinite loop. I've traced the problem to the function endline_for_mb in file pg.c. The code assumes that the libc function wcwidth will return a nonnegative value, which is not true for a form feed character. wcwidth returns -1 and the unsigned variable "pos" goes into underflow. I'll attach a patch which tests whether the character is printable before calling wcwidth. If not, it uses instead the width of the constant L'?' which is later used to replace nonprintable characters. I trust that we can assume printability of this constant :-) Steps to Reproduce: 1. Select a multibyte locale (tested with en_GB.UTF-8) 2. Create a file with a form feed character (0x0c) at the start of a line. 3. Try to display this file using the pg command. Reported-by: Mark Calderbank Reported-by: Mike Frysinger Addresses: https://bugs.gentoo.org/297717 Signed-off-by: Karel Zak --- diff --git a/text-utils/pg.c b/text-utils/pg.c index b2c4d873..24c12217 100644 --- a/text-utils/pg.c +++ b/text-utils/pg.c @@ -448,7 +448,10 @@ endline_for_mb(unsigned col, char *s) pos += TABSIZE - (pos % TABSIZE); break; default: - pos += wcwidth(*p); + if (iswprint(*p)) + pos += wcwidth(*p); + else + pos += wcwidth(L'?'); } if (pos > col) { if (*p == L'\t')