[Bug 4832] New: test builtin chokes on bare "!"

bugzilla at busybox.net bugzilla at busybox.net
Fri Mar 2 16:39:29 UTC 2012


https://bugs.busybox.net/show_bug.cgi?id=4832

           Summary: test builtin chokes on bare "!"
           Product: Busybox
           Version: 1.19.x
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: Other
        AssignedTo: unassigned at busybox.net
        ReportedBy: mjt+busybox at tls.msk.ru
                CC: busybox-cvs at busybox.net
   Estimated Hours: 0.0


To reproduce:

$ busybox sh -xc 'test !'
+ test !
Segmentation fault

It happens on x64 this way, on i386 it succeeds but only because there's more
room in argv vector, see below.

In coreutils/test.c, we see:

 test_main()
 -> oexpr(UNOT)
  -> aexpr(UNOT)
   -> nexpr(UNOT)

static number_t nexpr(enum token n)
{
at entry, *args points to the last NULL argv element.
        number_t res;

        nest_msg(">nexpr(%s)\n", TOKSTR[n]);
        if (n == UNOT) {
                n = check_operator(*++args);
                                   ^^^^^^^
we increment args, it points past the array.  check_operator retursn EOI.
                if (n == EOI) {
                        /* special case: [ ! ], [ a -a ! ] are valid */
                        /* IOW, "! ARG" may miss ARG */
                        unnest_msg("<nexpr:1 (!EOI)\n");
                        return 1;
                        ^^^^^^^^^ we are here

And back in aexpr(), we have:

static number_t aexpr(enum token n)
{
        number_t res;

        nest_msg(">aexpr(%s)\n", TOKSTR[n]);
        res = nexpr(n);
              ^^^^^^^ we called this nexpr, which returned
        dbg_msg("aexpr: nexpr:%lld, next args:%s\n", res, args[1]);
        if (check_operator(*++args) == BAND) {
                          ^^^^^^^^^
And there, we're referencing next-after-last argv element.

Maybe nexpr should not increment args in case of EOI ?

Thanks,

/mjt

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the busybox-cvs mailing list