Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix a memory leak and an access out of bounds #2

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

asammouda
Copy link

No description provided.

@asammouda
Copy link
Author

Missing fclose

@asammouda
Copy link
Author

iso9660: hs.id Buffer is accessed out of bounds when its content is compared to "CDROM"

@asammouda asammouda changed the title applets: Missing fclose Fix a memory leak and an access out of bounds Feb 15, 2017
okuoku pushed a commit to okuoku/wasmlinux-busybox that referenced this pull request Nov 12, 2023
When I planned to print the command in read_line_input, I found that after
the system started, the command printed for the first time was always
garbled.

After analysis, it is found that in the init() function of ash, the
variable basepf.buf is not initialized after applying for memory, resulting
in garbled initial data. Then assign it to the global variable
g_parsefile->buf in ash.c, and then pass g_parsefile->buf to the parameter
command of the function read_line_input in the function preadfd(), and
finally cause it to be garbled when the command is printed by
read_line_input.

The call stack is as follows:
 #0  read_line_input (st=0xb6fff220, prompt=0xb6ffc910 "\\[\\033[32m\\]\\h \\w\\[\\033[m\\] \\$ ", command=command@entry=0xb6ffc230 "P\325\377\266P\325\377\266", maxsize=maxsize@entry=1024) at libbb/lineedit.c:2461
 mirror#1  0x0043ef8c in preadfd () at shell/ash.c:10812
 mirror#2  preadbuffer () at shell/ash.c:10914
 mirror#3  pgetc () at shell/ash.c:10997
 mirror#4  0x00440c20 in pgetc_eatbnl () at shell/ash.c:11039
 mirror#5  0x00440cbc in xxreadtoken () at shell/ash.c:13157
 mirror#6  0x00440f40 in readtoken () at shell/ash.c:13268
 mirror#7  0x00441234 in list (nlflag=nlflag@entry=1) at shell/ash.c:11782
 mirror#8  0x004420e8 in parsecmd (interact=<optimized out>) at shell/ash.c:13344
 mirror#9  0x00442c34 in cmdloop (top=top@entry=1) at shell/ash.c:13549
 mirror#10 0x00444e4c in ash_main (argc=<optimized out>, argv=0x444e4c <ash_main+1328>) at shell/ash.c:14747
 mirror#11 0x00407954 in run_applet_no_and_exit (applet_no=9, name=<optimized out>, argv=0xbefffd34) at libbb/appletlib.c:1024
 mirror#12 0x00407b68 in run_applet_and_exit (name=0xbefffe56 "ash", argv=0x9) at libbb/appletlib.c:1047
 mirror#13 0x00407f88 in main (argc=<optimized out>, argv=0xbefffd34) at libbb/appletlib.c:1181

Fixes: 82dd14a ("ash: use CONFIG_FEATURE_EDITING_MAX_LEN")

Signed-off-by: zhuyan <[email protected]>
Signed-off-by: Denys Vlasenko <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant