[prev in list] [next in list] [prev in thread] [next in thread] 

List:       busybox
Subject:    Re: [PATCH] ash: initialize basepf.buf in ash
From:       Denys Vlasenko <vda.linux () googlemail ! com>
Date:       2023-08-31 1:25:16
Message-ID: CAK1hOcMB9EqbW_0sZAzigbLt8-KB2ep+4Sgv-q4TWGMzf_EfNg () mail ! gmail ! com
[Download RAW message or body]

Applied, thank you

On Tue, Aug 29, 2023 at 2:49 PM Yan Zhu <zhuyan34@huawei.com> wrote:
> 
> From: zhuyan <zhuyan34@huawei.com>
> 
> When I planned to print the command in read_line_input, I found that after
> the system started, the command printed for the first time was always
> garbled.
> 
> After analysis, it is found that in the init() function of ash, the
> variable basepf.buf is not initialized after applying for memory, resulting
> in garbled initial data. Then assign it to the global variable
> g_parsefile->buf in ash.c, and then pass g_parsefile->buf to the parameter
> command of the function read_line_input in the function preadfd(), and
> finally cause it to be garbled when the command is printed by
> read_line_input.
> 
> The call stack is as follows:
> #0  read_line_input (st=0xb6fff220, prompt=0xb6ffc910 "\\[\\033[32m\\]\\h \
> \\w\\[\\033[m\\] \\$ ", command=command@entry=0xb6ffc230 \
> "P\325\377\266P\325\377\266", maxsize=maxsize@entry=1024) at libbb/lineedit.c:2461 \
> #1  0x0043ef8c in preadfd () at shell/ash.c:10812 #2  preadbuffer () at \
> shell/ash.c:10914 #3  pgetc () at shell/ash.c:10997
> #4  0x00440c20 in pgetc_eatbnl () at shell/ash.c:11039
> #5  0x00440cbc in xxreadtoken () at shell/ash.c:13157
> #6  0x00440f40 in readtoken () at shell/ash.c:13268
> #7  0x00441234 in list (nlflag=nlflag@entry=1) at shell/ash.c:11782
> #8  0x004420e8 in parsecmd (interact=<optimized out>) at shell/ash.c:13344
> #9  0x00442c34 in cmdloop (top=top@entry=1) at shell/ash.c:13549
> #10 0x00444e4c in ash_main (argc=<optimized out>, argv=0x444e4c <ash_main+1328>) at \
> shell/ash.c:14747 #11 0x00407954 in run_applet_no_and_exit (applet_no=9, \
> name=<optimized out>, argv=0xbefffd34) at libbb/appletlib.c:1024 #12 0x00407b68 in \
> run_applet_and_exit (name=0xbefffe56 "ash", argv=0x9) at libbb/appletlib.c:1047 #13 \
> 0x00407f88 in main (argc=<optimized out>, argv=0xbefffd34) at \
> libbb/appletlib.c:1181 
> Fixes: 82dd14a510ca ("ash: use CONFIG_FEATURE_EDITING_MAX_LEN")
> 
> Signed-off-by: zhuyan <zhuyan34@huawei.com>
> ---
> shell/ash.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/shell/ash.c b/shell/ash.c
> index e1d93da73..771fc8bf9 100644
> --- a/shell/ash.c
> +++ b/shell/ash.c
> @@ -14484,7 +14484,7 @@ static NOINLINE void
> init(void)
> {
> /* we will never free this */
> -       basepf.next_to_pgetc = basepf.buf = ckmalloc(IBUFSIZ);
> +       basepf.next_to_pgetc = basepf.buf = ckzalloc(IBUFSIZ);
> basepf.linno = 1;
> 
> sigmode[SIGCHLD - 1] = S_DFL; /* ensure we install handler even if it is SIG_IGNed \
>                 */
> --
> 2.12.3
> 
> _______________________________________________
> busybox mailing list
> busybox@busybox.net
> http://lists.busybox.net/mailman/listinfo/busybox
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic