[prev in list] [next in list] [prev in thread] [next in thread]
List: busybox
Subject: Re: [PATCH] ed: don't use memcpy with overlapping memory regions
From: Sören Tempel <soeren () soeren-tempel ! net>
Date: 2022-04-30 13:14:17
Message-ID: 21PHGKH89PGCJ.3P3652PG9R9MG () 8pit ! net
[Download RAW message or body]
Ping.
soeren@soeren-tempel.net wrote:
> From: Sören Tempel <soeren+git@soeren-tempel.net>
>
> The memcpy invocations in the subCommand function, modified by this
> commit, previously used memcpy with overlapping memory regions. This is
> undefined behavior. On Alpine Linux, it causes BusyBox ed to crash since
> we compile BusyBox with -D_FORTIFY_SOURCE=2 and our fortify-headers
> implementation catches this source of undefined behavior [0]. The issue
> can only be triggered if the replacement string is the same size or
> shorter than the old string.
>
> Looking at the code, it seems to me that a memmove(3) is what was
> actually intended here, this commit modifies the code accordingly.
>
> [0]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13504
> ---
> editors/ed.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/editors/ed.c b/editors/ed.c
> index 209ce9942..4a84f7433 100644
> --- a/editors/ed.c
> +++ b/editors/ed.c
> @@ -720,7 +720,7 @@ static void subCommand(const char *cmd, int num1, int num2)
> if (deltaLen <= 0) {
> memcpy(&lp->data[offset], newStr, newLen);
> if (deltaLen) {
> - memcpy(&lp->data[offset + newLen],
> + memmove(&lp->data[offset + newLen],
> &lp->data[offset + oldLen],
> lp->len - offset - oldLen);
>
> _______________________________________________
> busybox mailing list
> busybox@busybox.net
> http://lists.busybox.net/mailman/listinfo/busybox
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic