The memory allocation in arg_add() should be in sync with what is used elsewhere,
e.g. in parse_line(). The allocation in parse_line() reserved just one arg, but
arg_add() assumed 32 args had been reserved. The result was memory
corruption.
---
toys/pending/sh.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/toys/pending/sh.c b/toys/pending/sh.c
index c3c081a5..ffe1fc00 100644
--- a/toys/pending/sh.c
+++ b/toys/pending/sh.c
@@ -434,9 +434,7 @@ static char **nospace(char **ss)
// append to array with null terminator and realloc as necessary
static void arg_add(struct sh_arg *arg, char *data)
{
- // expand with stride 32. Micro-optimization: don't realloc empty stack
- if (!(arg->c&31) && (arg->c || !arg->v))
- arg->v = xrealloc(arg->v, sizeof(char *)*(arg->c+33));
+ arg->v = xrealloc(arg->v, sizeof(char *)*(arg->c+2));
arg->v[arg->c++] = data;
arg->v[arg->c] = 0;
}
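Review bot: The new unconditional `xrealloc(arg->v, ...)` in arg_add() runs even when `arg->c` is 0 and `arg->v` is already set, a case the removed condition skipped, so every caller must now hand in a `v` that is either NULL or a live heap pointer. The callers are outside this hunk, so whether any of them seeds `v` with a stack or borrowed array cannot be confirmed from here and is worth checking before merging. The header comment should state the contract, for example `// append to NULL-terminated array; arg->v must be NULL or heap-allocated, it is realloc()ed to c+2 slots on every call`. If the per-append realloc turns out to be too costly, an explicit capacity field in struct sh_arg would restore stride growth without relying on what other allocation sites reserved, which is the assumption that caused the corruption described in the commit message.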
--
2.25.1