[BusyBox 0004124]: ls --color reads uninitialized memory
bugs at busybox.net
bugs at busybox.net
Tue Jul 15 23:49:55 PDT 2008
The following issue has been CLOSED
======================================================================
http://busybox.net/bugs/view.php?id=4124
======================================================================
Reported By: cristic
Assigned To: BusyBox
======================================================================
Project: BusyBox
Issue ID: 4124
Category: Other
Reproducibility: always
Severity: minor
Priority: normal
Status: closed
Resolution: open
Fixed in Version:
======================================================================
Date Submitted: 07-14-2008 19:48 PDT
Last Modified: 07-15-2008 23:49 PDT
======================================================================
Summary: ls --color reads uninitialized memory
Description:
Hello, "ls --color" in busybox-1.11.1 reads uninitialized memory. The
--color option requires an argument in busybox, but busybox-1.11.1 does
not validate this. Thus, in ls.c, color_opt points to garbage memory, and
the strcmp() calls on lines 895, 897 and 899 in ls.c may read unitialized
memory. GNU coreutils assumes "always" when no argument is passed to
color.
Cristian
======================================================================
----------------------------------------------------------------------
vda - 07-14-08 22:22
----------------------------------------------------------------------
Please test attached 8.patch
----------------------------------------------------------------------
cristic - 07-15-08 23:29
----------------------------------------------------------------------
Thanks for the quick fix. This patch looks fine; it does solve the
problem with reading uninitialized memory, and our tool hasn't found other
memory problems in ls yet (but I'm still running it). One small issue is
that the code accepts invalid color attributes, which GNU Coreutils
rejects (e.g., ls --color=blah), but this is a minor issue.
----------------------------------------------------------------------
vda - 07-15-08 23:49
----------------------------------------------------------------------
Fixed in svn. --color=bogus is not a problem, it doesn't break
compatibility: I seriously doubt anyone depends on GNU ls erroring out on
that. :)
Issue History
Date Modified Username Field Change
======================================================================
07-14-08 19:48 cristic New Issue
07-14-08 19:48 cristic Status new => assigned
07-14-08 19:48 cristic Assigned To => BusyBox
07-14-08 22:21 vda File Added: 8.patch
07-14-08 22:22 vda Note Added: 0009314
07-15-08 17:22 cristic Issue Monitored: cristic
07-15-08 23:23 cristic Note Added: 0009344
07-15-08 23:29 cristic Note Edited: 0009344
07-15-08 23:49 vda Status assigned => closed
07-15-08 23:49 vda Note Added: 0009354
======================================================================
More information about the busybox-cvs
mailing list