Re: Rergession in readcmd (commit 55c46b7)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Alexey Gladkov <gladkov.alexey@xxxxxxxxx> wrote:
> 
> I found another example:
> 
> $ tr -d '[:print:]' < /etc/passwd |tr -d '\t\n' |wc -c
> 0
> 
> $ dash -c 'while read o p; do printf "[%s] [%s]\n" "$o" "$p"; done <
> /etc/passwd' |tr -d '[:print:]' |tr -d '[:space:]' |wc -c
> 61
> 
> bug is not fixed yet :(

This bug is caused by an off-by-one error in the recordregion
call in readcmd.  It included the terminating NUL in the region
which causes ifsbreakup to include the string after it for scanning.

Setting the correct length fixes the problem.

Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

diff --git a/ChangeLog b/ChangeLog
index fabb0e1..7be8e86 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2009-11-26  Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
+
+	Fix off-by-one recordregion in readcmd.
+
 2009-09-28  Jim Meyering  <meyering@xxxxxxxxxx>
 
 	don't read-uninitialized for \177 in a here-doc
diff --git a/src/miscbltin.c b/src/miscbltin.c
index ec9872d..046f2f2 100644
--- a/src/miscbltin.c
+++ b/src/miscbltin.c
@@ -84,7 +84,7 @@ readcmd_handle_line(char *line, char **ap, size_t len)
 	backup = sstrdup(line);
 
 	arglist.lastp = &arglist.list;
-	recordregion(0, len, 0);
+	recordregion(0, len - 1, 0);
 	
 	ifsbreakup(s, &arglist);
 	*arglist.lastp = NULL;

Thanks,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe dash" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux