Busybox 1.1.0 tr problem

Thu Jan 19 15:48:13 UTC 2006

On Thursday 19 January 2006 02:31, m.pommerenke at avm.de wrote:
> Hi Rob,
>
> >> 1) tr "[0-9]"   Segmentation fault (core dumped)
> >
> > I'm still not getting this segfault.  What's your build environment?
> (uclibc?
> > gcc4?)
>
> gcc 3.4.5 mipsel, uClibc 0.9.28, Busybox 1.10 rel.

Yup, uClibc is better about revealing use-after-free errors promptly than 
glibc is.  I'll try to reproduce it under that when I get home from work.

> > > 2) tr "\[0"     did not work
> >
> > What was it supposed to do?
>
> I ment:
>
> echo "abc[defg" | tr '[ab\[]' 'x'   should print: xxcxdefg
> or
> echo "abc[defg" | tr '\[a' 'x'   should print: xbcxdefg

Confirmed: I can reproduce this.

> > behavior, I need to audit all the existing users of it...
>
> This is korrekt. the function bb_process_escape_sequence() is missused. As
> you
> can see only
>
>             'a',  'b',  'f',  'n',  'r',  't',  'v',  '\\', 0,
>             '\a', '\b', '\f', '\n', '\r', '\t', '\v', '\\', '\\' };
>
> are excaped. Alle other excape sequences will be returned as ´\´.
> Check line 97 in file process_escape_seqeunce.c
>
>       if (num_digits == 0) {  /* mnemonic escape sequence? */
>             p = charmap;
>             do {
>                   if (*p == *q) {
>                         q++;
>                         break;
>                   }
>             } while (*++p);
>             n = *(p+(sizeof(charmap)/2));
>       }
>
>       *ptr = q;
>
>       return (char) n;
>
> If non matches 'p' will point to '0'. Therefor n will be '\'
> /*--- n = *(p+(sizeof(charmap)/2)) ---*/
>
> My hack ist a simple workaround. I check wether process_escape_seqeunce()
> returns '\'.
> If so I just skip ´\´. The next character will be processed.

Yeah, I understand the problem now.  I'm trying to figure out if the correct 
fix is to modify process_escape_sequence() or its users, and to determine 
that I need to audit the users and figure out what they all need/expect.

> Sorry, my comments have been in german. I just copied it out of our souce
> code.

No problem, I just couldn't read 'em.  Thanks for the translations.

> Martin

Rob
-- 
Steve Ballmer: Innovation!  Inigo Montoya: You keep using that word.
I do not think it means what you think it means.