>Number:         28416
>Category:       bin
>Synopsis:       patch(1) argument handling is broken
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Nov 24 19:45:00 +0000 2004
>Originator:     Arto Huusko
>Release:        NetBSD 2.99.10
>Organization:
>Environment:
System: NetBSD maailma.yok.utu.fi 2.99.10 NetBSD 2.99.10 (MAAILMA) #0: Sat Nov 20 16:25:03 EET 2004 root@lady:/local/netbsd/current/alpha/obj/sys/arch/alpha/compile/MAAILMA alpha
Architecture: alpha
Machine: alpha

/usr/bin/patch:
     $NetBSD: crt0.c,v 1.24 2003/07/26 19:24:25 salo Exp $
     $NetBSD: patch.c,v 1.21 2004/08/14 12:53:35 cube Exp $
     $NetBSD: pch.c,v 1.19 2003/07/30 08:51:04 itojun Exp $
     $NetBSD: inp.c,v 1.17 2003/07/30 08:51:04 itojun Exp $
     $NetBSD: version.c,v 1.6 2003/07/12 13:47:44 itojun Exp $
     $NetBSD: util.c,v 1.20 2004/10/30 21:52:09 dsl Exp $
     $NetBSD: backupfile.c,v 1.13 2003/07/30 08:51:04 itojun Exp $
>Description:
	patch(1) command line argument handling is broken.

	Several switches in function get_some_switches() use code
	which is like follows:

		case 'x':
			do_some_processing_on_switch_params();
			s = "";	/* the bad thing! */
			break;

	After switch statement, there is the follwing code, apparently
	to get potentially next switch:

		opt = *++s;

	When s == "", s == {\0}, so s[1] (what the above expression is
	equivalent to) points to something which could be anything.
	On the binary I compiled for alpha, it is 'C'.

	This also results in confusing error report from case: label,
	where it reports Argv[0] as invalid option.. but I guess this
	is to be expected, since the code is broken otherwise.
>How-To-Repeat:
	On alpha, for example:

		$ patch -F0
		patch: unrecognized option '-F0'
>Fix:
	Not provided. As a funky workaround, replace s = "" with s = "\0\0".