[PATCH] fix minor memory issues in vi and cpio

Sarah Harris S.E.Harris at kent.ac.uk
Thu Jun 24 11:30:52 UTC 2021


No, the write here:
while (isalnum_(*++p)) {
--> p[-1] = *p;
}

I can demonstrate my example by adding some printf's.
With the attached patch applied, the command "./busybox awk -e foo" produces this output:
argv[0]: 0x7ffec28dde2d "awk"
argv[1]: 0x7ffec28dde31 "-e"
argv[2]: 0x7ffec28dde34 "foo"
program: 0x7ffec28dde34 "foo"
write: 0x7ffec28dde33  0x00
write: 0x7ffec28dde34 f 0x66
write: 0x7ffec28dde35 o 0x6f

The first write to p[-1] is before argv[2] (i.e. before the program buffer), and overwrites the null at the end of argv[1].
This probably works, so long as argv[1] is always there to overwrite and isn't read afterward.

Kind regards,
Sarah Harris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debug.patch
Type: text/x-patch
Size: 770 bytes
Desc: debug.patch
URL: <http://lists.busybox.net/pipermail/busybox/attachments/20210624/a70931e4/attachment-0001.bin>
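
The write sequence traced in the message above, modelled as an added example (not code from the original post or from BusyBox): a constructed buffer stands in for the adjacent argv strings, and `shift_name`, `mem` and the local `isalnum_` stand-in are hypothetical names. It assumes the pointer has been stepped back one byte before the loop runs, which is what the first traced write address implies.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local stand-in for the isalnum_() helper used in the quoted loop. */
static int isalnum_(int c) { return isalnum((unsigned char)c) || c == '_'; }

/*
 * Run the quoted shift loop over a name that starts at buf[start].
 * Assumption: the scanner stepped back one byte before the loop.
 * Returns how many writes landed before buf[start]; *first_off receives
 * the offset of the first write relative to buf[start].
 */
static int shift_name(char *buf, size_t start, ptrdiff_t *first_off)
{
    char *prog = buf + start;
    char *p = prog - 1;
    int below = 0, n = 0;

    while (isalnum_(*++p)) {
        ptrdiff_t off = (p - 1) - prog;   /* where p[-1] points */
        if (n++ == 0)
            *first_off = off;
        if (off < 0)
            below++;                      /* write before the buffer */
        printf("write: offset %+td old 0x%02x new 0x%02x\n",
               off, (unsigned char)p[-1], (unsigned char)*p);
        p[-1] = *p;
    }
    return below;
}

/* Constructed layout mirroring the trace: "-e" directly followed by "foo". */
static char mem[] = "-e\0foo";

int main(void)
{
    ptrdiff_t first = 0;
    int below = shift_name(mem, 3, &first);

    printf("first write at %+td, %d write(s) before the buffer\n", first, below);
    printf("string at argv[1] now reads \"%s\"\n", mem);
    return 0;
}
```

Keeping both strings in one array makes every access well-defined in the model while still showing the terminator of the preceding string being overwritten.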

