Applied, thank you
On Wed, Jun 23, 2021 at 5:54 PM Sarah Harris <[email protected]> wrote:
>
> These two patches fix minor memory bugs, and are attached to avoid mangling
> by the university email system.
> Both bugs can be observed with Valgrind as follows:
>
> $ echo busybox | ./busybox cpio -F test.cpio -H newc -o
> $ valgrind ./busybox cpio -F test.cpio -t
> Causes strlen to read beyond the 110 byte header buffer
> (archival/libarchive/get_header_cpio.c:46)
> This depends on the implementation of sscanf, Linux glibc 2.32 on x86-64 and
> FreeBSD 13 libc on aarch64 both exhibited this behaviour in my testing.
>
> $ valgrind ./busybox vi
> Type 'i' and then esc, causes a read just before the text buffer
> (editors/vi.c:2147)
>
> Additionally, there appears to be a similar issue in awk which is *not*
> reported by Valgrind:
> $ ./busybox awk -e foo
> Appears to write before program buffer (editors/awk.c:1222)
This?
     /* is it a name? (var/array/function) */
     if (!isalnum_(*p))
             syntax_error(EMSG_UNEXP_TOKEN); /* no */
     /* yes */
     t_string = --p;
     while (isalnum_(*++p)) {
             p[-1] = *p;
     }
---> p[-1] = '\0';
This write is not before program buffer.
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
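
The cpio report quoted above has strlen, reached through sscanf, reading past the 110-byte header buffer. As an added example (not the attached patch and not BusyBox code), the C code below decodes a newc header with fixed-width reads, so nothing depends on a NUL byte following the buffer; the function names and the sample header values are constructed for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NEWC_HDR_LEN 110 /* 6-byte magic + 13 fields of 8 hex digits */
#define NEWC_NFIELDS 13

/* Decode one fixed-width hex field; reads exactly 8 bytes, needs no NUL. */
static int hex8(const char *p, uint32_t *out) {
    uint32_t v = 0;
    for (int i = 0; i < 8; i++) {
        int c = (unsigned char)p[i];
        if (!isxdigit(c)) return -1;
        v = (v << 4) | (uint32_t)(isdigit(c) ? c - '0' : tolower(c) - 'a' + 10);
    }
    *out = v;
    return 0;
}

/* Returns 0 on success, -1 on bad magic or a non-hex digit. */
int parse_newc_header(const char *hdr, uint32_t fields[NEWC_NFIELDS]) {
    if (memcmp(hdr, "070701", 6) != 0 && memcmp(hdr, "070702", 6) != 0)
        return -1;
    for (int i = 0; i < NEWC_NFIELDS; i++)
        if (hex8(hdr + 6 + 8 * i, &fields[i]) != 0)
            return -1;
    return 0;
}

/* Constructed sample header in exactly 110 heap bytes, no NUL after it. */
char *make_sample_header(void) {
    char tmp[NEWC_HDR_LEN + 1], *hdr = malloc(NEWC_HDR_LEN);
    if (!hdr) return NULL;
    snprintf(tmp, sizeof tmp,
             "070701%08X%08X%08X%08X%08X%08X%08X%08X%08X%08X%08X%08X%08X",
             1u, 0100644u, 0u, 0u, 1u, 0u, 8u, 0u, 0u, 0u, 0u, 8u, 0u);
    memcpy(hdr, tmp, NEWC_HDR_LEN);
    return hdr;
}

int main(void) {
    uint32_t f[NEWC_NFIELDS];
    char *hdr = make_sample_header();
    int rc = hdr ? parse_newc_header(hdr, f) : -1;
    if (rc == 0) printf("mode=%o namesize=%u\n", (unsigned)f[1], (unsigned)f[11]);
    free(hdr);
    return rc ? 1 : 0;
}
```

Because the sample header lives in an exact 110-byte heap allocation, Valgrind would flag any read past its end.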