[BusyBox] Re: Memory corruption in ln

Erik Andersen andersen at lineo.com
Wed Jun 21 23:56:06 UTC 2000


On Wed Jun 21, 2000 at 07:31:50PM -0400, Pavel Roskin wrote:
> Hello, Erik!
> 
> I hope it's not too late.

Nope.  Not too late.

> Our "ln" corrupts memory in the most common cases.

[cringe].  That's bad.

> If "-n" is not specified "ln" tries to dereference the link for the
> destination. If the destination is not a link (e.g. it doesn't exist) the
> function readlink() returns -1. Then following is executed:
> 
> srcName[-1] = '\0';
> 
> This corrupts the memory! At least on some platforms it can cause hard to
> debug problems.
> 
> On the other hand, srcName is never used after being filled with data. This
> means that "-n" doesn't work at all.
> 
> I tried to fix "-n", but it is not trivial. Basically, linking to
> directories needs to be fixed, but it requires a lot of new code (you
> cannot link file to dir, you should link file to dir/file)
> 
> If it's not too late, I'd like to disable "-n" and the corresponding code
> for the 0.44 release. Please note that the memory corruption occurs when
> "-n" is not specified!
> 
> If you are going to release 0.44 today please apply the patch below.

Ok.  Again good spotting.  I will apply this ASAP (unless you beat me to it)

 -Erik

--
Erik B. Andersen   email:  andersen at lineo.com
--This message was written using 73% post-consumer electrons--
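
The failure discussed in this thread, shown with a checked readlink() call. This is an added example, not code from the original thread or from BusyBox; the helper name `read_link_target` and the `/tmp` paths are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper, not BusyBox code: copy the target of symlink `path`
 * into buf as a NUL-terminated string. Returns the target length, or -1 if
 * path is not a symlink, does not exist, or the target does not fit.
 * buf always holds a valid (possibly empty) string on return. */
static ssize_t read_link_target(const char *path, char *buf, size_t bufsize)
{
    ssize_t len;

    if (bufsize == 0)
        return -1;
    buf[0] = '\0';

    /* readlink() does not NUL-terminate, so reserve one byte for that. */
    len = readlink(path, buf, bufsize - 1);
    if (len < 0)
        return -1;          /* the case that led to srcName[-1] = '\0' */
    if ((size_t)len == bufsize - 1) {
        buf[0] = '\0';      /* target may be truncated: reject it */
        errno = ENAMETOOLONG;
        return -1;
    }
    buf[len] = '\0';        /* safe: 0 <= len <= bufsize - 2 */
    return len;
}

int main(void)
{
    char target[256];
    const char *link_path = "/tmp/ln_demo_link";   /* constructed sample path */
    const char *missing = "/tmp/ln_demo_missing";  /* constructed sample path */

    unlink(link_path);
    unlink(missing);
    if (symlink("demo-target", link_path) != 0) {
        perror("symlink");
        return 1;
    }
    printf("symlink: %zd \"%s\"\n",
           read_link_target(link_path, target, sizeof target), target);
    printf("missing: %zd\n", read_link_target(missing, target, sizeof target));
    unlink(link_path);
    return 0;
}
```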
