Package: bash
Version: 4.1-3
Followup-For: Bug #615880
I noticed this with /anfs (becomes "afss" with \W) and it seems to occur only
for 4 and 5 letter directory names in /.
My collegue Tim Deegan and I looked at little at this and in the handling of
'W' in parse.y:decode_prompt_string() there is:
#define ROOT_PATH(x) ((x)[0] == '/' && (x)[1] == 0)
#define DOUBLE_SLASH_ROOT(x) ((x)[0] == '/' && (x)[1] == '/' &&
(x)[2] == 0)
/* Abbreviate \W as ~ if $PWD == $HOME */
if (c == 'W' && (((t = get_string_value ("HOME")) == 0)
|| STREQ (t, t_string) == 0))
{
if (ROOT_PATH (t_string) == 0 && DOUBLE_SLASH_ROOT
(t_string) == 0)
{
t = strrchr (t_string, '/');
if (t)
strcpy (t_string, t + 1);
}
}
#undef ROOT_PATH
#undef DOUBLE_SLASH_ROOT
That "strcpy (t_string, t + 1);" is overlapping since if
t_string = { '/', 'b', 'o', 'o', 't' };
then the
t = strrchr (t_string, '/');
is effectively
t = &t_string[1];
and therefore the strcpy overlaps. strcpy(3) says "The strings may not overlap".
IOW this is the same class of bug as the memmove vs. memcpy thing which was
recently all over the news.
Ian.
-- System Information:
Debian Release: wheezy/sid
APT prefers oldstable
APT policy: (500, 'oldstable'), (500, 'unstable'), (500, 'testing'), (500,
'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages bash depends on:
ii base-files 6.5 Debian base system miscellaneous f
ii dash 0.5.5.1-7.4 POSIX-compliant shell
ii debianutils 4.0.2 Miscellaneous utilities specific t
ii libc6 2.13-16 Embedded GNU C Library: Shared lib
ii libncurses5 5.9-1 shared libraries for terminal hand
Versions of packages bash recommends:
ii bash-completion 1:1.3-1 programmable completion for the ba
Versions of packages bash suggests:
pn bash-doc <none> (no description available)
-- no debconf information
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
