
List:       busybox-cvs
Subject:    [git commit branch/1_36_stable] ed: don't use memcpy with overlapping memory regions
From:       Denys Vlasenko <vda.linux () googlemail ! com>
Date:       2023-01-05 15:26:49
Message-ID: 20230105152716.1348687638 () busybox ! osuosl ! org

commit: https://git.busybox.net/busybox/commit/?id=f15dfd86c4fba78881071dd0f5c63466fa9737a2
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/1_36_stable

The memcpy invocations in the subCommand function, modified by this
commit, previously used memcpy with overlapping memory regions. This is
undefined behavior. On Alpine Linux, it causes BusyBox ed to crash since
we compile BusyBox with -D_FORTIFY_SOURCE=2 and our fortify-headers
implementation catches this source of undefined behavior [0]. The issue
can only be triggered if the replacement string is the same size or
shorter than the old string.

Looking at the code, it seems to me that a memmove(3) is what was
actually intended here; this commit modifies the code accordingly.

[0]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13504

Signed-off-by: Sören Tempel <soeren+git@soeren-tempel.net>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 editors/ed.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/editors/ed.c b/editors/ed.c
index 209ce9942..4a84f7433 100644
--- a/editors/ed.c
+++ b/editors/ed.c
@@ -720,7 +720,7 @@ static void subCommand(const char *cmd, int num1, int num2)
 		if (deltaLen <= 0) {
 			memcpy(&lp->data[offset], newStr, newLen);
 			if (deltaLen) {
-				memcpy(&lp->data[offset + newLen],
+				memmove(&lp->data[offset + newLen],
 					&lp->data[offset + oldLen],
 					lp->len - offset - oldLen);
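
Review bot: the first copy in the `deltaLen <= 0` branch, `memcpy(&lp->data[offset], newStr, newLen);`, is left as memcpy, while the commit message speaks of "memcpy invocations" in the plural. Please confirm that `newStr` can never point into `lp->data`, and either say so in the message or convert that call too. For the changed call, source and destination both lie inside `lp->data` and are `oldLen - newLen` bytes apart, so they overlap whenever the tail length `lp->len - offset - oldLen` exceeds that gap; a one-line comment above the `memmove` stating this would keep a later cleanup from turning it back into `memcpy`. The diffstat touches only `editors/ed.c`, so a regression case for a substitution with a shorter replacement string would be worth adding alongside.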
 

