[git commit] dc: fix a case where we can run off malloced space

Denys Vlasenko vda.linux at googlemail.com
Fri Jul 15 06:37:36 UTC 2011


commit: http://git.busybox.net/busybox/commit/?id=f2f9bc59327256baf2cf66bf634560c163c22852
branch: http://git.busybox.net/busybox/commit/?id=refs/heads/master

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 miscutils/dc.c |   25 +++++++------------------
 1 files changed, 7 insertions(+), 18 deletions(-)

diff --git a/miscutils/dc.c b/miscutils/dc.c
index b080ba1..6903761 100644
--- a/miscutils/dc.c
+++ b/miscutils/dc.c
@@ -15,7 +15,7 @@
 //usage:       "p - print top of the stack (without popping),\n"
 //usage:       "f - print entire stack,\n"
 //usage:       "o - pop the value and set output radix (must be 10, 16, 8 or 2).\n"
-//usage:       "Examples: 'dc 2 2 add' -> 4, 'dc 8 8 * 2 2 + /' -> 16"
+//usage:       "Examples: 'dc 2 2 add p' -> 4, 'dc 8 8 * 2 2 + / p' -> 16"
 //usage:
 //usage:#define dc_example_usage
 //usage:       "$ dc 2 2 + p\n"
@@ -245,19 +245,6 @@ static void stack_machine(const char *argument)
 	bb_error_msg_and_die("syntax error at '%s'", argument);
 }
 
-/* return pointer to next token in buffer and set *buffer to one char
- * past the end of the above mentioned token
- */
-static char *get_token(char **buffer)
-{
-	char *current = skip_whitespace(*buffer);
-	if (*current != '\0') {
-		*buffer = skip_non_whitespace(current);
-		return current;
-	}
-	return NULL;
-}
-
 int dc_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int dc_main(int argc UNUSED_PARAM, char **argv)
 {
@@ -272,16 +259,18 @@ int dc_main(int argc UNUSED_PARAM, char **argv)
 		while ((line = xmalloc_fgetline(stdin)) != NULL) {
 			cursor = line;
 			while (1) {
-				token = get_token(&cursor);
-				if (!token)
+				token = skip_whitespace(cursor);
+				if (*token == '\0')
 					break;
-				*cursor++ = '\0';
+				cursor = skip_non_whitespace(token);
+				if (*cursor != '\0')
+					*cursor++ = '\0';
 				stack_machine(token);
 			}
 			free(line);
 		}
 	} else {
-		// why? it breaks "dc -2 2 * p"
+		// why? it breaks "dc -2 2 + p"
 		//if (argv[0][0] == '-')
 		//	bb_show_usage();
 		do {
-- 
1.7.3.4



More information about the busybox-cvs mailing list