[Bug 8506] ash: corrupted expansion of ${#var} if $var contains UTF-8 characters

bugzilla at busybox.net bugzilla at busybox.net
Wed Mar 16 17:43:03 UTC 2016


--- Comment #7 from Ron Yorston <rmy at pobox.com> ---
This regression was introduced by commit d68d1fb, part of a series I submitted
in May last year to fix another issue.

The proposed patch using the var_start variable doesn't work.  Between the time
the value of expdest is recorded at the start of the function and used at end,
the stack block to which it refers may have been reallocated.  Restoring the
incorrect value causes the shell to crash.  I was able to make this happen with
a variable containing ~600 characters.

Like Hans I'm also unsure about the other proposed solution.  The code in
question is rather convoluted:  as well as ${#var} it also affects ${var+XXX}
and it's not clear to me that it's safe.

My suggestion is to discard the unwanted string in the conditional Unicode
section while the original value of len is still available:

        if (subtype == VSLENGTH && len > 0) {
            if (unicode_status == UNICODE_ON) {
                STADJUST(-len, expdest);
                discard = 0;
                len = unicode_strlen(p);

This limits the effect of the change to the BusyBox-specific Unicode section
and maintains greater compatibility with dash (which is where I got the ideas
for my patch series).

You are receiving this mail because:
You are on the CC list for the bug.

More information about the busybox-cvs mailing list