0004664: ping6 accesses invalid memory
Denys Vlasenko
vda.linux at googlemail.com
Wed Aug 20 00:17:08 UTC 2008
On Tuesday 19 August 2008 22:21, Cristian Cadar wrote:
> http://bugs.busybox.net/view.php?id=4664
>
> ./ping6 -
> accesses invalid memory
>
> First, it calls ping6_main(argc=2, argv={"ping6", "-", 0}):
>
> int ping6_main(int argc, char **argv)
> {
> argv[0] = (char*)"-6";
> return ping_main(argc + 1, argv - 1);
> }
>
> ping_main then calls getopt32(argv, ...) which illegally dereferences
> argv[0], that is, the old argv[-1], on line getopt32.c:347:
>
> 346: argc = 0;
> 347: while (argv[argc])
> 348: argc++;
Try this fix:
/* skip 0: some applets cheat: they do not actually HAVE argv[0] */
argc = 1;
while (argv[argc])
argc++;
--
vda
More information about the busybox
mailing list