[BusyBox] [PATCH] cmdedit reads past end of completion strings

Elliot Schwartz elliot at instant802.com
Tue Sep 28 21:20:37 UTC 2004


While running under valgrind I noticed that shell/cmdedit.c reads past
the end of completion strings. It looks like the code probably meant to
bail out once it found the first unique letter in a completion.

elliot


-------------- next part --------------
Index: cmdedit.c
===================================================================
RCS file: /var/cvs/busybox/shell/cmdedit.c,v
retrieving revision 1.93
diff -p -u -r1.93 cmdedit.c
--- cmdedit.c	19 Aug 2004 18:22:13 -0000	1.93
+++ cmdedit.c	28 Sep 2004 20:44:44 -0000
@@ -1072,8 +1072,9 @@ static void input_tab(int *lastWasTab)
 				for (len_found = 1; len_found < num_matches; len_found++)
 					if (matches[len_found][(tmp1 - tmp)] != *tmp1) {
 						*tmp1 = 0;
-						break;
+						goto found_minimal;
 					}
+		found_minimal:
 			if (*tmp == 0) {        /* have unique */
 				free(tmp);
 				return;


More information about the busybox mailing list