Buffer overflow in vfs_parse_ls_lga

[zaytsev]

Found in Alpine/musl on s390x, confirmed on aarch64 using valgrind - introduced in 65a7278d8a34abe804299d721749bc747e4a4833:

==156518== Invalid read of size 1
==156518==    at 0x413BE0: vfs_parse_ls_lga (parse_ls_vga.c:863)
==156518==    by 0x4076C3: process_ls_line (mc_parse_ls_l.c:350)
==156518==    by 0x4076C3: process_input (mc_parse_ls_l.c:376)
==156518==    by 0x40736B: main (mc_parse_ls_l.c:404)
==156518==  Address 0x536be6f is 1 bytes before a block of size 2 alloc'd
==156518==    at 0x48854F0: malloc (vg_replace_malloc.c:446)
==156518==    by 0x4CF4FCB: g_malloc (gmem.c:100)
==156518==    by 0x4D0E99B: g_strdup (gstrfuncs.c:323)
==156518==    by 0x413887: g_strdup_inline (gstrfuncs.h:321)
==156518==    by 0x413887: vfs_parse_ls_lga (parse_ls_vga.c:848)
==156518==    by 0x4076C3: process_ls_line (mc_parse_ls_l.c:350)
==156518==    by 0x4076C3: process_input (mc_parse_ls_l.c:376)
==156518==    by 0x40736B: main (mc_parse_ls_l.c:404)

​https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/79071

[zaytsev]

Branch: 4642_fix_overflow
Changeset: 18079626c6d49a519da51ab6eeead1f0dc44e713

Caused by int -> size_t conversion and --p2 > 0 expression. I don't remove consecutive \n\n, \r\r and \n\r, only \n, \r and \r\n. My understanding is that this is the desired behavior.

Please ignore the formatting, I will rebase after #4592.

[andrew_b]

Some suggestions

• find a more specific name for str_chomp(), since it remove a single trailing EOL not all;
• rename tests/lib/strutil/strutil.c to tests/lib/strutil/str_chomp.c;
• fix copyright year and "Written by" in tests/lib/strutil/strutil.c.