[BusyBox 0004464]: xrealloc_vector_helper function in xrealloc_vector.c misuses void pointer "vector"
bugs at busybox.net
Wed Aug 6 02:02:39 UTC 2008
The following issue has been REOPENED.
======================================================================
http://busybox.net/bugs/view.php?id=4464
======================================================================
Reported By: rockeychu
Assigned To: BusyBox
======================================================================
Project: BusyBox
Issue ID: 4464
Category: Other
Reproducibility: always
Severity: crash
Priority: normal
Status: feedback
======================================================================
Date Submitted: 08-04-2008 20:13 PDT
Last Modified: 08-05-2008 19:02 PDT
======================================================================
Summary: xrealloc_vector_helper function in xrealloc_vector.c
misuses void pointer "vector"
Description:
The variable vector is misused and erroneously set to zero. This bug may cause
every applet which calls the xrealloc_vector function to crash, such as
modprobe, insmod, etc.
Patch as follows:
Index: libbb/xrealloc_vector.c
===================================================================
--- libbb/xrealloc_vector.c (revision 23044)
+++ libbb/xrealloc_vector.c (working copy)
@@ -39,8 +39,7 @@
if (!(idx & (mask - 1))) {
sizeof_and_shift >>= 8; /* sizeof(vector[0]) */
vector = xrealloc(vector, sizeof_and_shift * (idx + mask +
1));
- vector += idx;
- memset(vector, 0, sizeof_and_shift * (mask + 1));
+ memset(vector + sizeof_and_shift * idx, 0,
sizeof_and_shift * (mask + 1));
}
return vector;
}
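Review bot: The added memset call computes "vector + sizeof_and_shift * idx" on what the issue title describes as a void pointer, so it relies on arithmetic on void *, which is a GNU C extension (byte-sized steps) and not valid ISO C. Cast first, for example "(char *)vector + sizeof_and_shift * idx", so the byte offset is explicit and other compilers accept it. Leaving vector itself unmodified, so that "return vector;" still yields the base of the block, looks right.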
======================================================================
----------------------------------------------------------------------
vda - 08-05-08 14:12
----------------------------------------------------------------------
Fixed in svn. Thanks, and sorry for this breakage :(
----------------------------------------------------------------------
rockeychu - 08-05-08 19:02
----------------------------------------------------------------------
It's a pity the (Segmentation fault) problem still exists, e.g.:
./busybox modprobe it87
IMHO, realloc_xxx should return the address of the first byte of the
reallocated memory, and not the address of the first byte of the newly
extended memory.
Patch as follows:
Index: libbb/xrealloc_vector.c
===================================================================
--- libbb/xrealloc_vector.c (revision 23058)
+++ libbb/xrealloc_vector.c (working copy)
@@ -39,8 +39,7 @@
if (!(idx & (mask - 1))) {
sizeof_and_shift >>= 8; /* sizeof(vector[0]) */
vector = xrealloc(vector, sizeof_and_shift * (idx + mask +
1));
- vector = (char*)vector + (sizeof_and_shift * idx);
- memset(vector, 0, sizeof_and_shift * (mask + 1));
+ memset(vector + sizeof_and_shift * idx, 0,
sizeof_and_shift * (mask + 1));
}
return vector;
}
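Review bot: Nothing in the code records that "return vector;" must hand back the start of the reallocated block rather than the start of the newly zeroed tail, and the removed assignment "vector = (char*)vector + (sizeof_and_shift * idx);" shows how easily that gets broken. Add a one-line comment above the memset saying that vector is deliberately left untouched, and keep the (char*) cast from the removed line in the memset argument instead of dropping it.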
Issue History
Date Modified Username Field Change
======================================================================
08-04-08 20:13 rockeychu New Issue
08-04-08 20:13 rockeychu Status new => assigned
08-04-08 20:13 rockeychu Assigned To => BusyBox
08-05-08 14:12 vda Status assigned => closed
08-05-08 14:12 vda Note Added: 0010274
08-05-08 14:12 vda Resolution open => fixed
08-05-08 19:02 rockeychu Status closed => feedback
08-05-08 19:02 rockeychu Resolution fixed => reopened
08-05-08 19:02 rockeychu Note Added: 0010284
======================================================================