[Bug 4832] New: test builtin chokes on bare "!"
bugzilla at busybox.net
bugzilla at busybox.net
Fri Mar 2 16:39:29 UTC 2012
https://bugs.busybox.net/show_bug.cgi?id=4832
Summary: test builtin chokes on bare "!"
Product: Busybox
Version: 1.19.x
Platform: PC
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P5
Component: Other
AssignedTo: unassigned at busybox.net
ReportedBy: mjt+busybox at tls.msk.ru
CC: busybox-cvs at busybox.net
Estimated Hours: 0.0
To reproduce:
$ busybox sh -xc 'test !'
+ test !
Segmentation fault
It happens on x64 this way, on i386 it succeeds but only because there's more
room in argv vector, see below.
In coreutils/test.c, we see:
test_main()
-> oexpr(UNOT)
-> aexpr(UNOT)
-> nexpr(UNOT)
static number_t nexpr(enum token n)
{
at entry, *args points to the last NULL argv element.
number_t res;
nest_msg(">nexpr(%s)\n", TOKSTR[n]);
if (n == UNOT) {
n = check_operator(*++args);
^^^^^^^
we increment args, it points past the array. check_operator retursn EOI.
if (n == EOI) {
/* special case: [ ! ], [ a -a ! ] are valid */
/* IOW, "! ARG" may miss ARG */
unnest_msg("<nexpr:1 (!EOI)\n");
return 1;
^^^^^^^^^ we are here
And back in aexpr(), we have:
static number_t aexpr(enum token n)
{
number_t res;
nest_msg(">aexpr(%s)\n", TOKSTR[n]);
res = nexpr(n);
^^^^^^^ we called this nexpr, which returned
dbg_msg("aexpr: nexpr:%lld, next args:%s\n", res, args[1]);
if (check_operator(*++args) == BAND) {
^^^^^^^^^
And there, we're referencing next-after-last argv element.
Maybe nexpr should not increment args in case of EOI ?
Thanks,
/mjt
--
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the busybox-cvs
mailing list