Rich Felker wrote: >In general alloca is unsafe. It's not obvious to me what the code here >is doing, so I can't tell for sure if it's safe or not, but I think >this needs a strong justification of safety before being acceptable.
It's a parser for a POSIXy shell, I doubt that the code is obvious to anyone. My understanding is that it's reading a token and has got to the point where a command substitution has been detected. It wants to save the bit of the token it's already processed. So if we have echo "very long string"`date` the code would allocate space for the very long string. (Putting a space between the string and the substitution makes two separate tokens so no allocation would be required. And the first part doesn't have to be a string literal, that's just an example, it can consist of other stuff, so long as it's all treated as making one token.) Is this safe? In most cases it probably is, but not if the script is malicious. If the very long string is too big for your stack you get a seg fault or worse. With a suitably long string and small stack I can reliably crash dash. Ron _______________________________________________ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox