DragonFly bugs List (threaded) for 2004-02
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: backquote expansion bug in /bin/sh ( fix included )

From:	"Simon 'corecode' Schubert" <corecode@xxxxxxxxxxxx>
Date:	Thu, 5 Feb 2004 10:28:01 +0100

On 05.02.2004, at 02:35, Vincent Labrecque wrote:

"/usr/bin/cvs" -z3 -Q diff -N -b -B -kk  -r 1.3 -r 1.3.2.1 "expand.c"
Index: expand.c
===================================================================
RCS file: /usr/dfly/repo/src/bin/sh/expand.c,v
retrieving revision 1.3
retrieving revision 1.3.2.1
diff -b -B -r1.3 -r1.3.2.1
472c472
<       for (p--; lastc == '\n'; lastc = *--p)
---
for ( ; *(dest-1) == '\n' ; )
It lacks some bounds checking. Under sucky circumstances both old and
new version will eat back up the stack...
How about (didn't try tho):

while (*(dest - 1) == '\n' && dest - stackblock() > startloc)
Hm, i'd put the bound checking _before_ the *(dest-1) access, otherwise it's a bit useless.

True, true... I somehow thought this way round would be better, but don't ask me how I came to this conclusion... Late night logic :)

cheers
  simon

--
/"\   http://corecode.ath.cx/#donate
\ /
 \     ASCII Ribbon Campaign
/ \  Against HTML Mail and News

Attachment: PGP.sig
Description: This is a digitally signed message part

References:
- backquote expansion bug in /bin/sh ( fix included )
  - From: Andrew Atrens
- Re: backquote expansion bug in /bin/sh ( fix included )
  - From: Simon 'corecode' Schubert

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]