tar segfaults (busybox 1.8.1)
walter harms
wharms at bfs.de
Fri Nov 16 18:23:38 UTC 2007
Tito wrote:
>
> Hi,
> by compiling the latest svn i get this warning:
>
> CC archival/tar.o
> archival/tar.c: In function ‘writeFileToTarball’:
> archival/tar.c:183: warning: call to __builtin___strcpy_chk will always overflow destination buffer
> AR archival/lib.a
> LINK busybox_unstripped
> Trying libraries: crypt m
> Library crypt is needed
> Library m is needed
> Final link with: crypt m
>
>
> and after changing the line 183 of tar.c
>
> - strcpy(hp->magic, "ustar ");
> + strcpy(hp->magic, "ustar");
>
> there is no segfault due to the fact
> that the size of hp->magic is
>
> char magic[6]; /* 257-262 */
>
> root at localhost:~/Desktop/busybox# touch a s d
> root at localhost:~/Desktop/busybox# ./busybox tar cf test.tar a s d
> root at localhost:~/Desktop/busybox# ls -la test.tar
> -rw-r--r-- 1 root root 2560 2007-11-16 14:15 test.tar
>
>
> I cannot say if this fix is correct or if maybe it should be
> done the other way by increasing the size of char magic
> to 8.
>
>
hi tito,
this is a classical bug. :)
i vote for: prevent the next overflow.
strncpy(hp->magic, "ustar",sizeof(hp->magic));
re,
walter
More information about the busybox
mailing list