On Sun, Dec 4, 2016 at 4:43 AM, Denys Vlasenko <[email protected]> wrote: > On Sun, Dec 4, 2016 at 3:45 AM, Daniel Sabogal <[email protected]> wrote: >> On Thu, Dec 1, 2016 at 3:13 PM, Daniel Sabogal <[email protected]> wrote: >>> On Wed, Nov 30, 2016 at 5:52 PM, Denys Vlasenko >>> <[email protected]> wrote: >>>> On Wed, Nov 30, 2016 at 3:46 AM, Daniel Sabogal <[email protected]> >>>> wrote: >>>>> The following commands cause busybox to segfault on musl-based systems. >>>>> >>>>> $ install -D a / >>>>> $ install -D a /b >>>>> $ install -D a /b/ >>>>> >>>>> This happens because the code in >>>>> >>>>> https://git.busybox.net/busybox/tree/coreutils/install.c?h=1_25_1#n196 >>>>> >>>>> passes the result of dirname() to bb_make_directory() which modifies its >>>>> contents. For paths of the above forms, musl's dirname returns a string >>>>> literal "/" which shouldn't be modified. >>>>> >>>>> See http://git.musl-libc.org/cgit/musl/tree/src/misc/dirname.c >>>>> >>>>> There are a few other occurrences of the code shown above, but I've not >>>>> checked to see if they could be made to segfault. >>>> >>>> Does this fix the problem? >>>> >>>> /* Bypass leading non-'/'s and then subsequent >>>> '/'s */ >>>> while (*s) { >>>> if (*s == '/') { >>>> do { >>>> ++s; >>>> } while (*s == '/'); >>>> c = *s; /* Save the current char */ >>>> ====added line==> if (c) >>>> *s = '\0'; /* and >>>> replace it with nul */ >>>> break; >>> >>> This does prevent the segfault, but I'm not sure if depending on being able >>> to >>> modify the result of dirname() is reliable. >> >> https://git.busybox.net/busybox/commit/?id=cf2600c3661c11491a838ef29733583afb6ad968 >> >> There are other occurrences of dirname + bb_make_directory that may have >> this issue. >> >> The following also segfaults. >> >> $ cp --parents a / > > Indeed. > > I moved the check into bb_make_directory(), please try now.
I suppose the issue is fixed. The above commands no longer result in a segfault. Thanks, _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
