Busybox 1.1.0 tr problem

Thu Jan 19 08:31:34 UTC 2006

Hi Rob,

>> 1) tr "[0-9]"   Segmentation fault (core dumped)

> I'm still not getting this segfault.  What's your build environment?
(uclibc?
> gcc4?)
gcc 3.4.5 mipsel, uClibc 0.9.28, Busybox 1.10 rel.

> > 2) tr "\[0"     did not work
> What was it supposed to do?
I ment:

echo "abc[defg" | tr '[ab\[]' 'x'   should print: xxcxdefg
or
echo "abc[defg" | tr '\[a' 'x'   should print: xbcxdefg

>> I know it's a hack but it should work.
>>
>> The bb_process_escape_sequence function returns '\' if you use is on an
>> expression like "\[".
>> It behaves like this on every escape sequence not known.

> I'd like to get this fixed, but I'm not quite sure I understand the
problem
> yet.  (I've had taking a closer look at process_escape_sequence() on my
todo
> list for a while, but I don't have a reproduction sequence for your
problem.)

> Hmmm...  According to svn the last time process_escpae_sequence.c was
touched
> was 7/29/2004, which was before 1.00 shipped.  And if I'm going to change
the
> behavior, I need to audit all the existing users of it...
This is korrekt. the function bb_process_escape_sequence() is missused. As
you
can see only

            'a',  'b',  'f',  'n',  'r',  't',  'v',  '\\', 0,
            '\a', '\b', '\f', '\n', '\r', '\t', '\v', '\\', '\\' };

are excaped. Alle other excape sequences will be returned as ´\´.
Check line 97 in file process_escape_seqeunce.c

      if (num_digits == 0) {  /* mnemonic escape sequence? */
            p = charmap;
            do {
                  if (*p == *q) {
                        q++;
                        break;
                  }
            } while (*++p);
            n = *(p+(sizeof(charmap)/2));
      }

      *ptr = q;

      return (char) n;

If non matches 'p' will point to '0'. Therefor n will be '\'
/*--- n = *(p+(sizeof(charmap)/2)) ---*/

My hack ist a simple workaround. I check wether process_escape_seqeunce()
returns '\'.
If so I just skip ´\´. The next character will be processed.

Sorry, my comments have been in german. I just copied it out of our souce
code.

>  /*--- pp_process_escape_sequence verhaelt sich fehlerhaft, wenn es
nichst zu excapen gibt ---*/
pp_process_escape_sequence will fail if nothing is excaped.

> /*--- *buffer++ = '['; ---*//* m.pommerenke at avm.de: war immer in der
auswahl vorhanden */
'[' was always in selection (selection of character to be changed, droped
or so).

> arg -= 1; /* m.pommerenke at avm.de: org 2 ==> dann aber endlosschleife */
in original it had beed 2, but in this case we would have a endless loop.

> } else if (*arg == ']') {  /* m.pommerenke at avm.de: war immer in der
auswahl vorhanden */
']' was always in selection (selection of character to be changed, droped
or so)

Martin

             Rob Landley                                                   
             <rob at landley.net>                                             
                                                                        An 
             18.01.2006 17:37           busybox at busybox.net                
                                                                     Kopie 
                                        m.pommerenke at avm.de, Henry Pan     
                                        <pank at pank.org>                    
                                                                     Thema 
                                        Re: Busybox 1.1.0 tr problem       

On Wednesday 18 January 2006 05:21, m.pommerenke at avm.de wrote:
> Hi Henry,
>
> > # echo abc123 | busybox tr -d "[0-9]"
> > Segmentation fault (core dumped)
>
> we have fixed this already.

Cool, I'm glad somebody could reproduce it.

> 1) tr "[0-9]"   Segmentation fault (core dumped)

I'm still not getting this segfault.  What's your build environment?
(uclibc?
gcc4?)

> 2) tr "\[0"     did not work

What was it supposed to do?

> I know it's a hack but it should work.
>
> The bb_process_escape_sequence function returns '\' if you use is on an
> expression like "\[".
> It behaves like this on every escape sequence not known.

I'd like to get this fixed, but I'm not quite sure I understand the problem

yet.  (I've had taking a closer look at process_escape_sequence() on my
todo
list for a while, but I don't have a reproduction sequence for your
problem.)

Hmmm...  According to svn the last time process_escpae_sequence.c was
touched
was 7/29/2004, which was before 1.00 shipped.  And if I'm going to change
the
behavior, I need to audit all the existing users of it...

> static unsigned int expand(const char *arg, register unsigned char
*buffer)
> {
>       unsigned char *buffer_start = buffer;
>       int i, ac;

Could you send me a patch so I can see what changed?  Your comments imply
it's
just this:

>             /*--- pp_process_escape_sequence verhaelt sich fehlerhaft,
wenn
> es nichst zu excapen gibt ---*/
>             *buffer = bb_process_escape_sequence(&arg);
>             if((*buffer == '\\') && (save != '\\')) { /* HACK */
>                 *buffer = save;
>             }

and this:

>                   if (*arg++ != '-') {
>                         /*--- *buffer++ = '['; ---*//*
m.pommerenke at avm.de:
> war immer in der auswahl vorhanden */
>                         arg -= 1; /* m.pommerenke at avm.de: org 2 ==> dann
> aber endlosschleife */
>                         continue;
>                   }
>                   i = *arg++;
>                   ac = *arg++;
>                   while (i <= ac)
>                         *buffer++ = i++;
>                   arg++;                        /* Skip the assumed ']'
*/
>             } else if (*arg == ']') {  /* m.pommerenke at avm.de: war immer
in
> der auswahl vorhanden */
>             *arg++;
>             } else
>                   *buffer++ = *arg++;
>       }

But icht sprecht keine deutsch, so I have no idea what the comments say.
(Will ponder after lunch.)

Rob
--
Steve Ballmer: Innovation!  Inigo Montoya: You keep using that word.
I do not think it means what you think it means.