I can confirm that this happens on latest git-version and was able to track this one down to shell/ash.c, line 12970.
The attached patch solves the issue. Am 01.07.2017 um 02:52 schrieb Martijn Dekker: > The trap builtin produces the following and aborts the shell if you give > it an invalid signal number (> 64). Confirmed on Busybox ash down to 1.20.0. > > $ ./ash -c 'trap - 65' > *** glibc detected *** ./busybox: free(): invalid pointer: > 0x0000000001ee50e8 *** > ======= Backtrace: ========= > /lib64/libc.so.6(+0x7a0e5)[0x7faabcb630e5] > /lib64/libc.so.6(cfree+0x73)[0x7faabcb66ef3] > ./busybox[0x4071e2] > ======= Memory map: ======== > 00400000-00416000 r-xp 00000000 08:11 14287855 > /usr/local/src/busybox/git/busybox/busybox > 00615000-00616000 rw-p 00015000 08:11 14287855 > /usr/local/src/busybox/git/busybox/busybox > 01ee5000-01f06000 rw-p 00000000 00:00 0 > [heap] > 7faab8000000-7faab8021000 rw-p 00000000 00:00 0 > 7faab8021000-7faabc000000 ---p 00000000 00:00 0 > 7faabc8c9000-7faabc8df000 r-xp 00000000 08:11 12200180 > /usr/local/lib64/libgcc_s.so.1 > 7faabc8df000-7faabcade000 ---p 00016000 08:11 12200180 > /usr/local/lib64/libgcc_s.so.1 > 7faabcade000-7faabcadf000 rw-p 00015000 08:11 12200180 > /usr/local/lib64/libgcc_s.so.1 > 7faabcae9000-7faabcc87000 r-xp 00000000 08:11 11545243 > /lib64/libc-2.13.so > 7faabcc87000-7faabce87000 ---p 0019e000 08:11 11545243 > /lib64/libc-2.13.so > 7faabce87000-7faabce8b000 r--p 0019e000 08:11 11545243 > /lib64/libc-2.13.so > 7faabce8b000-7faabce8c000 rw-p 001a2000 08:11 11545243 > /lib64/libc-2.13.so > 7faabce8c000-7faabce92000 rw-p 00000000 00:00 0 > 7faabce99000-7faabceba000 r-xp 00000000 08:11 11555357 > /lib64/ld-2.13.so > 7faabd0b9000-7faabd0ba000 r--p 00020000 08:11 11555357 > /lib64/ld-2.13.so > 7faabd0ba000-7faabd0bc000 rw-p 00021000 08:11 11555357 > /lib64/ld-2.13.so > 7faabd0be000-7faabd0c2000 rw-p 00000000 00:00 0 > 7ffc99f7b000-7ffc99f90000 rw-p 00000000 00:00 0 > [stack] > 7ffc99fe1000-7ffc99fe3000 r-xp 00000000 00:00 0 > [vdso] > ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 > [vsyscall] > Afgebroken > _______________________________________________ > busybox mailing list > [email protected] > http://lists.busybox.net/mailman/listinfo/busybox > -- \\\||/// \\ - - // ( @ @ ) -oOo--( )--oOo------------------------------------------------------- tiggersWelt.net www.tiggersWelt.net Inhaber Bernd Holzmüller [email protected] Büro: 07 11 / 550 425-90 Marktstraße 57 Fax: 07 11 / 550 425-99 70372 Stuttgart
From 19a8659b9e26af98fe9f5f4812e71b72089a4f81 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bernd=20Holzm=C3=BCller?= <[email protected]> Date: Sat, 1 Jul 2017 13:22:01 +0200 Subject: [PATCH] Check upper end of signo too --- shell/ash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shell/ash.c b/shell/ash.c index 9681111cc..c58429c6b 100644 --- a/shell/ash.c +++ b/shell/ash.c @@ -12967,7 +12967,7 @@ trapcmd(int argc UNUSED_PARAM, char **argv UNUSED_PARAM) exitcode = 0; while (*ap) { signo = get_signum(*ap); - if (signo < 0) { + if ((signo < 0) || (signo >= NSIG)) { /* Mimic bash message exactly */ ash_msg("%s: invalid signal specification", *ap); exitcode = 1; -- 2.13.1
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
