[BusyBox 0004464]: xrealloc_vector_helper function in xrealloc_vector.c misuses void pointer "vector"

bugs at busybox.net
Wed Aug 6 02:02:39 UTC 2008


The following issue has been REOPENED. 
====================================================================== 
http://busybox.net/bugs/view.php?id=4464 
====================================================================== 
Reported By:                rockeychu
Assigned To:                BusyBox
====================================================================== 
Project:                    BusyBox
Issue ID:                   4464
Category:                   Other
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     feedback
====================================================================== 
Date Submitted:             08-04-2008 20:13 PDT
Last Modified:              08-05-2008 19:02 PDT
====================================================================== 
Summary:                    xrealloc_vector_helper function in xrealloc_vector.c
misuses void pointer "vector"
Description: 
Variable vector is misused and set to zero erroneously. This bug may cause
every applet that calls the xrealloc_vector function to crash, such as
modprobe, insmod, etc.

Patch as follows:

Index: libbb/xrealloc_vector.c
===================================================================
--- libbb/xrealloc_vector.c     (revision 23044)
+++ libbb/xrealloc_vector.c     (working copy)
@@ -39,8 +39,7 @@
        if (!(idx & (mask - 1))) {
                sizeof_and_shift >>= 8; /* sizeof(vector[0]) */
                vector = xrealloc(vector, sizeof_and_shift * (idx + mask +
1));
-               vector += idx;
-               memset(vector, 0, sizeof_and_shift * (mask + 1));
+               memset(vector + sizeof_and_shift * idx, 0,
sizeof_and_shift * (mask + 1));
        }
        return vector;
 }
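Review bot: The added `memset(vector + sizeof_and_shift * idx, ...` line does byte arithmetic directly on `vector`, which the issue title identifies as a void pointer; that compiles only as a GNU C extension. Cast first, e.g. `memset((char *)vector + sizeof_and_shift * idx, 0, sizeof_and_shift * (mask + 1));`. Dropping `vector += idx` is right, since `return vector;` then hands back the block base. As mailed, the `1));` and `sizeof_and_shift * (mask + 1));` continuation lines are wrapped, so the hunk will not apply until they are rejoined.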

====================================================================== 

---------------------------------------------------------------------- 
 vda - 08-05-08 14:12  
---------------------------------------------------------------------- 
Fixed in svn. Thanks, and sorry for this breakage :( 

---------------------------------------------------------------------- 
 rockeychu - 08-05-08 19:02  
---------------------------------------------------------------------- 
It's a pity the (Segmentation fault) problem still exists, e.g.: ./busybox modprobe it87

IMHO, realloc_xxx should return the address of the first byte of the reallocated memory,
and not the address of the first byte of the newly extended memory.


Patch as follows:

Index: libbb/xrealloc_vector.c
===================================================================
--- libbb/xrealloc_vector.c     (revision 23058)
+++ libbb/xrealloc_vector.c     (working copy)
@@ -39,8 +39,7 @@
        if (!(idx & (mask - 1))) {
                sizeof_and_shift >>= 8; /* sizeof(vector[0]) */
                vector = xrealloc(vector, sizeof_and_shift * (idx + mask +
1));
-               vector = (char*)vector + (sizeof_and_shift * idx);
-               memset(vector, 0, sizeof_and_shift * (mask + 1));
+               memset(vector + sizeof_and_shift * idx, 0,
sizeof_and_shift * (mask + 1));
        }
        return vector;
 } 
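Review bot: Missing documentation at `return vector;`: the regression came from the removed `vector = (char*)vector + (sizeof_and_shift * idx);` making the function return an address inside the block, so add a comment above the `memset` stating that `vector` must remain the base address that `xrealloc` returned. The replacement `memset` line should also keep the `(char*)` cast that the removed line had rather than offsetting the bare pointer.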

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
08-04-08 20:13  rockeychu      New Issue                                    
08-04-08 20:13  rockeychu      Status                   new => assigned     
08-04-08 20:13  rockeychu      Assigned To               => BusyBox         
08-05-08 14:12  vda            Status                   assigned => closed  
08-05-08 14:12  vda            Note Added: 0010274                          
08-05-08 14:12  vda            Resolution               open => fixed       
08-05-08 19:02  rockeychu      Status                   closed => feedback  
08-05-08 19:02  rockeychu      Resolution               fixed => reopened   
08-05-08 19:02  rockeychu      Note Added: 0010284                          
======================================================================
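The invariant at stake in this report, that a chunk-growing helper returns the base of the block and zeroes only the new tail, shown as an added example (not BusyBox code). Assumptions: `grow_vector` and `append_and_verify` are hypothetical names, the element size and chunk shift are passed separately instead of packed into `sizeof_and_shift`, plain `realloc` stands in for `xrealloc`, and the overflow check is an addition not present on the page.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the helper in the report: grows `vector` by
 * (1 << shift) elements whenever idx reaches a chunk boundary.
 * Returns the BASE of the block (never base + offset), or NULL on failure. */
static void *grow_vector(void *vector, size_t elem_size, unsigned shift, size_t idx)
{
    size_t chunk = (size_t)1 << shift;

    if (!(idx & (chunk - 1))) {
        size_t count = idx + chunk + 1;
        if (count < idx || (elem_size && count > SIZE_MAX / elem_size))
            return NULL;                 /* size computation would wrap */
        void *base = realloc(vector, elem_size * count);
        if (!base)
            return NULL;
        /* Zero only the new tail; the cast makes the offset a byte offset. */
        memset((char *)base + elem_size * idx, 0, elem_size * (chunk + 1));
        vector = base;
    }
    return vector;
}

/* Constructed self-check: append n ints and confirm earlier elements
 * survive every regrowth. Returns 0 on success, negative on failure. */
static int append_and_verify(size_t n)
{
    int *v = NULL;

    for (size_t i = 0; i < n; i++) {
        int *nv = grow_vector(v, sizeof(*v), 2, i);
        if (!nv) { free(v); return -1; }
        v = nv;
        if (v[i] != 0 || v[i + 1] != 0) { free(v); return -2; } /* slot + terminator zeroed */
        v[i] = (int)i + 100;
    }
    for (size_t i = 0; i < n; i++)
        if (v[i] != (int)i + 100) { free(v); return -3; }
    int terminated = v ? (v[n] == 0) : 1;
    free(v);    /* valid only because v is the block's base address */
    return terminated ? 0 : -4;
}
```

With either removed line from the patches above in place of the cast `memset`, the second regrowth would pass a non-base pointer to `realloc`, which is the crash path the reporter describes.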