Re: [Bug-gnulib] getline bugfix submitted via findutils


From: Bruno Haible
Subject: Re: [Bug-gnulib] getline bugfix submitted via findutils
Date: Fri, 16 Apr 2004 22:39:21 +0200
User-agent: KMail/1.5

> The error does occur in the current released version (i.e. 4.1.7)

IMO the fix should go into the function that calls getstr() or getndelim2().

The getndelim2() function is meant to be used after the caller has already
stored OFFSET bytes on his own and wants to read further bytes into the same
array.

With the patch that you gave, when OFFSET > *LINESIZE, the first realloc
call allocates OFFSET - *LINESIZE bytes with uninitialized memory. Does the
caller handle a string, consisting of N initialized bytes, followed
by OFFSET - N uninitialized bytes, followed by some initialized
bytes, correctly? No it doesn't. A look at findutils-4.1.7/locate/locate.c
line 322 reveals that, of course, it assumes that the whole line is
initialized data.

The real bug is in findutils-4.1.7/locate/locate.c line 320, the fact
that the 'count' read from the file is not verified in any way. If it is
not in bounds, 'locate' should give an error message saying "locatedb
corrupted".

Bruno
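The point above, that the 'count' read from the database must be validated before it is used as an offset into the line buffer, as an added C example that is not findutils code: it uses a constructed, simplified front-compressed format (one COUNT byte plus a NUL-terminated suffix per entry) rather than the real locatedb layout, and rejects any entry whose COUNT would reach past the bytes already initialized.

```c
#include <string.h>

/* Constructed, simplified front-compressed database (not the real findutils
 * locatedb format): each entry is one byte COUNT, the number of leading bytes
 * shared with the previous line, followed by a NUL-terminated suffix. */
enum { DB_OK = 0, DB_EOF = 1, DB_CORRUPT = -1 };

/* Decode the next entry into line[], which holds the previous line
 * (*line_len initialized bytes). COUNT is validated before being used as an
 * offset, so no uninitialized bytes can end up inside a returned path. */
int db_next_entry(const unsigned char *db, size_t db_len, size_t *pos,
                  char *line, size_t line_size, size_t *line_len)
{
    if (*pos >= db_len)
        return DB_EOF;
    size_t count = db[(*pos)++];
    if (count > *line_len)            /* prefix longer than what exists */
        return DB_CORRUPT;
    size_t n = count;
    for (;;) {
        if (*pos >= db_len)           /* suffix not NUL-terminated */
            return DB_CORRUPT;
        unsigned char c = db[(*pos)++];
        if (c == '\0')
            break;
        if (n + 1 >= line_size)       /* would overflow line[] */
            return DB_CORRUPT;
        line[n++] = (char)c;
    }
    line[n] = '\0';
    *line_len = n;
    return DB_OK;
}

/* Decode a whole database into decoded[]; returns the number of paths, or
 * DB_CORRUPT where locate would report "locatedb corrupted". */
char decoded[4][64];
int db_decode_sample(const unsigned char *db, size_t db_len)
{
    char line[64] = "";
    size_t pos = 0, len = 0;
    int n = 0;
    for (;;) {
        int r = db_next_entry(db, db_len, &pos, line, sizeof line, &len);
        if (r == DB_EOF) return n;
        if (r != DB_OK || n >= 4) return DB_CORRUPT;
        strcpy(decoded[n++], line);
    }
}

/* Constructed samples: "/usr", "/usr/bin", "/usr/lib"; then the same data
 * with a COUNT of 200, far beyond the 4 bytes actually initialized. */
const unsigned char good_db[] = { 0,'/','u','s','r',0, 4,'/','b','i','n',0, 5,'l','i','b',0 };
const unsigned char bad_db[]  = { 0,'/','u','s','r',0, 200,'/','b','i','n',0 };
```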
