[BusyBox-cvs] [BusyBox 0000191]: memcpy used on overlapping areas in shell/cmdedit.c

bugs at busybox.net bugs at busybox.net
Mon Aug 1 18:18:04 UTC 2005


The following issue has been CLOSED 
====================================================================== 
http://busybox.net/bugs/view.php?id=191 
====================================================================== 
Reported By:                hornet
Assigned To:                BusyBox
====================================================================== 
Project:                    BusyBox
Issue ID:                   191
Category:                   Other
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     closed
Resolution:                 open
Fixed in Version:           
====================================================================== 
Date Submitted:             03-24-2005 02:58 PST
Last Modified:              08-01-2005 11:18 PDT
====================================================================== 
Summary:                    memcpy used on overlapping areas in shell/cmdedit.c
Description: 
Using busybox on SH4 platform (STi5528, http://www.superhlinux.com) ash
crashes during TAB command line completion (always if used as parameter
completion, rarely as command completion).

There is macro in shell/cmdedit.c:

#define collapse_pos(is, in) { \
        memcopy(int_buf+(is), int_buf+(in),
(BUFSIZ+1-(is)-(in))*sizeof(int)); \
        memcopy(pos_buf+(is), pos_buf+(in),
(BUFSIZ+1-(is)-(in))*sizeof(int)); }

Meantime it is written in memcopy manual:

The  memcpy() function copies n bytes from memory area src to memory area
dest.  THE MEMORY AREAS MAY NOT OVERLAP. Use memmove(3) if the memory
areas do overlap.

So, the correct macro is:

#define collapse_pos(is, in) { \
        memmove(int_buf+(is), int_buf+(in),
(BUFSIZ+1-(is)-(in))*sizeof(int)); \
        memmove(pos_buf+(is), pos_buf+(in),
(BUFSIZ+1-(is)-(in))*sizeof(int)); }

And it solves the problem :-)
====================================================================== 

---------------------------------------------------------------------- 
 hornet - 03-24-05 03:01  
---------------------------------------------------------------------- 
Well. Now I have realized that it is a duplication of
http://busybox.net/bugs/view.php?id=54 bug. Pity I have not checked it
earlier... :-( 

---------------------------------------------------------------------- 
 pgf - 08-01-05 11:18  
---------------------------------------------------------------------- 
dup of 54 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
03-24-05 02:58  hornet         New Issue                                    
03-24-05 03:01  hornet         Note Added: 0000116                          
08-01-05 11:18  pgf            Status                   assigned => closed  
08-01-05 11:18  pgf            Note Added: 0000369                          
======================================================================




More information about the busybox-cvs mailing list