mysterious segfault with busybox 1.13.0 ash

Cristian Ionescu-Idbohrn cristian.ionescu-idbohrn at axis.com
Fri Nov 21 17:33:13 UTC 2008


On Fri, 21 Nov 2008, Denys Vlasenko wrote:

> On Fri, Nov 21, 2008 at 10:08 AM, Natanael Copa <natanael.copa at gmail.com> wrote:
> > On Fri, 2008-11-21 at 10:54 +0200, Timo Teräs wrote:
> >> Looks like ash was broken in commit r23583 where the node type defines
> >> were changed, but related arrays were not updated. Especially the node
> >> size table which affects size calculations was left out, thus all kind
> >> of funny things such as memory corruption can happen.
> >>
> >> Please try the below patch:
> >>
> >> Index: shell/ash.c
> >> ===================================================================
> >> --- shell/ash.c       (revision 24107)
> >> +++ shell/ash.c       (working copy)
> >> @@ -7556,7 +7556,7 @@
> >>  #define EV_TESTED 02            /* exit status is checked; ignore -e flag */
> >>  #define EV_BACKCMD 04           /* command executing within back quotes */
> >>
> >> -static const short nodesize[26] = {
> >> +static const short nodesize[27] = {
> >>       SHELL_ALIGN(sizeof(struct ncmd)),
> >>       SHELL_ALIGN(sizeof(struct npipe)),
> >>       SHELL_ALIGN(sizeof(struct nredir)),
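Review bot: the bump from `nodesize[26]` to `nodesize[27]` keeps the table length as a hand-maintained literal, which is exactly the coupling that let the r23583 define change go unnoticed; consider dropping the explicit bound and adding a compile-time check that the number of entries equals the number of node types, so the next insertion fails to build instead of corrupting memory.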
> >> @@ -7578,6 +7578,7 @@
> >>       SHELL_ALIGN(sizeof(struct nfile)),
> >>       SHELL_ALIGN(sizeof(struct nfile)),
> >>       SHELL_ALIGN(sizeof(struct nfile)),
> >> +     SHELL_ALIGN(sizeof(struct nfile)),
> >>       SHELL_ALIGN(sizeof(struct ndup)),
> >>       SHELL_ALIGN(sizeof(struct ndup)),
> >>       SHELL_ALIGN(sizeof(struct nhere)),
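Review bot: the added `SHELL_ALIGN(sizeof(struct nfile))` line is identified only by its position among three identical neighbours, so a reader cannot tell which node type it belongs to, and a later reordering of the defines would shift it silently; a designated initializer such as `[NTO2] = SHELL_ALIGN(sizeof(struct nfile)),` would tie each entry to its type.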
>
> Crap! :( Yes, seems like I broke it.
>
> > wow! nasty one. you're the man!
>
> Yes. Thanks Timo! That was a very, very non-obvious one.
> Grepping for NTO would not catch its implicit usage
> in nodesize[]. There are no checks for misplaced sizeof
> in the array.
>
> I made it a bit less obscure in the patch...
>
> > nc svn # ./busybox ash -c "f() { ! false && echo foo; }; f"
> > foo
> >
> > This patch should be added to fixes 1.13.0
>
> http://busybox.net/downloads/fixes-1.13.0/busybox-1.13.0-ash.patch

  CC      shell/ash.o
shell/ash.c:7578: error: 'NTO2' undeclared here (not in a function)
shell/ash.c:7578: error: array index in initializer not of integer type
shell/ash.c:7578: error: (near initialization for 'nodesize')
make[1]: *** [shell/ash.o] Error 1

Is this patch the correct fix?

Index: shell/ash.c
===================================================================
--- shell/ash.c	(revision 24115)
+++ shell/ash.c	(working copy)
@@ -7575,7 +7575,9 @@
 	[NDEFUN   ] = SHELL_ALIGN(sizeof(struct narg)),
 	[NARG     ] = SHELL_ALIGN(sizeof(struct narg)),
 	[NTO      ] = SHELL_ALIGN(sizeof(struct nfile)),
-	[NTO2     ] = SHELL_ALIGN(sizeof(struct nfile)),
+	USE_ASH_BASH_COMPAT(
+		[NTO2] = SHELL_ALIGN(sizeof(struct nfile)),
+	)
 	[NCLOBBER ] = SHELL_ALIGN(sizeof(struct nfile)),
 	[NFROM    ] = SHELL_ALIGN(sizeof(struct nfile)),
 	[NFROMTO  ] = SHELL_ALIGN(sizeof(struct nfile)),
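Review bot: the trailing comma inside the `USE_ASH_BASH_COMPAT(` ... `)` argument only survives if that macro is variadic (`__VA_ARGS__`); if it takes a single parameter the comma splits the argument and the build breaks again, so check its definition before relying on it. Guarding the entry is otherwise the right shape, since the quoted build error shows `NTO2` is only declared with bash compat enabled and the designated initializers keep the remaining indices correct either way. Style: the new `[NTO2]` entry drops the column padding the neighbouring `[NTO      ]` / `[NCLOBBER ]` entries use.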


Cheers,

-- 
Cristian
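An added C illustration (not busybox code; node types, struct layouts and sizes are constructed) of the failure the thread describes: a positionally initialised size table goes stale when a type is inserted mid-enum, while a designated-initialiser table with a count check does not.

```c
#include <stddef.h>

/* Constructed node types; NTO2 is the one inserted after NTO, as in r23583. */
enum { NCMD, NPIPE, NTO, NTO2, NCLOBBER, NHERE, NODE_TYPES };

struct ncmd  { int type; int assign; int args; };
struct nfile { int type; int fd; const char *fname; };
struct nhere { int type; int fd; const char *fname; const char *doc; };

/* Pre-fix table: one entry per *old* type, matched to types by position.
 * After NTO2 is added, every entry from index NTO2 on describes the wrong
 * type, and index NHERE (5) lies past the end of the five-element array. */
static const short nodesize_positional[5] = {
    sizeof(struct ncmd),   /* NCMD */
    sizeof(struct ncmd),   /* NPIPE (constructed: same size as ncmd) */
    sizeof(struct nfile),  /* NTO */
    sizeof(struct nfile),  /* meant for NCLOBBER, now read for NTO2 */
    sizeof(struct nhere),  /* meant for NHERE, now read for NCLOBBER */
};

/* Post-fix form: each entry is tied to its type, so an insertion cannot
 * shift it; a forgotten type shows up as a zero entry, not a shift. */
static const short nodesize_designated[] = {
    [NCMD]     = sizeof(struct ncmd),
    [NPIPE]    = sizeof(struct ncmd),
    [NTO]      = sizeof(struct nfile),
    [NTO2]     = sizeof(struct nfile),
    [NCLOBBER] = sizeof(struct nfile),
    [NHERE]    = sizeof(struct nhere),
};

/* Build-time check: the table must end exactly at the last node type. */
_Static_assert(sizeof(nodesize_designated) / sizeof(nodesize_designated[0])
               == NODE_TYPES, "nodesize needs one entry per node type");

/* Bounds-checked lookup: 0 for an out-of-range type instead of reading
 * past the table (the positional table's fate for NHERE). */
static size_t node_size(const short *table, size_t entries, int type)
{
    if (type < 0 || (size_t)type >= entries)
        return 0;
    return (size_t)table[type];
}

/* Startup sanity check: right length and no zero (missing) entries. */
static int nodesize_table_complete(const short *table, size_t entries)
{
    if (entries != NODE_TYPES)
        return 0;
    for (size_t i = 0; i < entries; i++)
        if (table[i] == 0)
            return 0;
    return 1;
}
```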


