[BusyBox] [PATCH] cmdedit reads past end of completion strings
Elliot Schwartz
elliot at instant802.com
Tue Sep 28 21:20:37 UTC 2004
While running under valgrind I noticed that shell/cmdedit.c reads past
the end of completion strings. It looks like the code probably meant to
bail out once it found the first unique letter in a completion.
elliot
-------------- next part --------------
Index: cmdedit.c
===================================================================
RCS file: /var/cvs/busybox/shell/cmdedit.c,v
retrieving revision 1.93
diff -p -u -r1.93 cmdedit.c
--- cmdedit.c 19 Aug 2004 18:22:13 -0000 1.93
+++ cmdedit.c 28 Sep 2004 20:44:44 -0000
@@ -1072,8 +1072,9 @@ static void input_tab(int *lastWasTab)
for (len_found = 1; len_found < num_matches; len_found++)
if (matches[len_found][(tmp1 - tmp)] != *tmp1) {
*tmp1 = 0;
- break;
+ goto found_minimal;
}
+ found_minimal:
if (*tmp == 0) { /* have unique */
free(tmp);
return;
More information about the busybox
mailing list