[BusyBox-cvs] [BusyBox 0000191]: memcpy used on overlapping areas in shell/cmdedit.c
bugs at busybox.net
bugs at busybox.net
Mon Aug 1 18:18:04 UTC 2005
The following issue has been CLOSED
======================================================================
http://busybox.net/bugs/view.php?id=191
======================================================================
Reported By: hornet
Assigned To: BusyBox
======================================================================
Project: BusyBox
Issue ID: 191
Category: Other
Reproducibility: always
Severity: major
Priority: normal
Status: closed
Resolution: open
Fixed in Version:
======================================================================
Date Submitted: 03-24-2005 02:58 PST
Last Modified: 08-01-2005 11:18 PDT
======================================================================
Summary: memcpy used on overlapping areas in shell/cmdedit.c
Description:
Using busybox on SH4 platform (STi5528, http://www.superhlinux.com) ash
crashes during TAB command line completion (always if used as parameter
completion, rarely as command completion).
There is macro in shell/cmdedit.c:
#define collapse_pos(is, in) { \
memcopy(int_buf+(is), int_buf+(in),
(BUFSIZ+1-(is)-(in))*sizeof(int)); \
memcopy(pos_buf+(is), pos_buf+(in),
(BUFSIZ+1-(is)-(in))*sizeof(int)); }
Meantime it is written in memcopy manual:
The memcpy() function copies n bytes from memory area src to memory area
dest. THE MEMORY AREAS MAY NOT OVERLAP. Use memmove(3) if the memory
areas do overlap.
So, the correct macro is:
#define collapse_pos(is, in) { \
memmove(int_buf+(is), int_buf+(in),
(BUFSIZ+1-(is)-(in))*sizeof(int)); \
memmove(pos_buf+(is), pos_buf+(in),
(BUFSIZ+1-(is)-(in))*sizeof(int)); }
And it solves the problem :-)
======================================================================
----------------------------------------------------------------------
hornet - 03-24-05 03:01
----------------------------------------------------------------------
Well. Now I have realized that it is a duplication of
http://busybox.net/bugs/view.php?id=54 bug. Pity I have not checked it
earlier... :-(
----------------------------------------------------------------------
pgf - 08-01-05 11:18
----------------------------------------------------------------------
dup of 54
Issue History
Date Modified Username Field Change
======================================================================
03-24-05 02:58 hornet New Issue
03-24-05 03:01 hornet Note Added: 0000116
08-01-05 11:18 pgf Status assigned => closed
08-01-05 11:18 pgf Note Added: 0000369
======================================================================
More information about the busybox-cvs
mailing list