[BusyBox 0004124]: ls --color reads uninitialized memory
bugs at busybox.net
bugs at busybox.net
Wed Jul 16 06:23:23 UTC 2008
A NOTE has been added to this issue.
======================================================================
http://busybox.net/bugs/view.php?id=4124
======================================================================
Reported By: cristic
Assigned To: BusyBox
======================================================================
Project: BusyBox
Issue ID: 4124
Category: Other
Reproducibility: always
Severity: minor
Priority: normal
Status: assigned
======================================================================
Date Submitted: 07-14-2008 19:48 PDT
Last Modified: 07-15-2008 23:23 PDT
======================================================================
Summary: ls --color reads uninitialized memory
Description:
Hello, "ls --color" in busybox-1.11.1 reads uninitialized memory. The
--color option requires an argument in busybox, but busybox-1.11.1 does
not validate this. Thus, in ls.c, color_opt points to garbage memory, and
the strcmp() calls on lines 895, 897 and 899 in ls.c may read unitialized
memory. GNU coreutils assumes "always" when no argument is passed to
color.
Cristian
======================================================================
----------------------------------------------------------------------
vda - 07-14-08 22:22
----------------------------------------------------------------------
Please test attached 8.patch
----------------------------------------------------------------------
cristic - 07-15-08 23:23
----------------------------------------------------------------------
Thanks for the quick fix. This patch looks fine to me; it does solve the
problem with reading uninitialized memory. One small issue is that the
code
accepts invalid color attributes, which GNU Coreutils rejects (e.g., ls
--color=blah), but this is a minor issue.
Issue History
Date Modified Username Field Change
======================================================================
07-14-08 19:48 cristic New Issue
07-14-08 19:48 cristic Status new => assigned
07-14-08 19:48 cristic Assigned To => BusyBox
07-14-08 22:21 vda File Added: 8.patch
07-14-08 22:22 vda Note Added: 0009314
07-15-08 17:22 cristic Issue Monitored: cristic
07-15-08 23:23 cristic Note Added: 0009344
======================================================================
More information about the busybox-cvs
mailing list