[Bug 14956] A use-after-free in busybox's bc applet
bugzilla at busybox.net
bugzilla at busybox.net
Tue Aug 9 14:55:30 UTC 2022
https://bugs.busybox.net/show_bug.cgi?id=14956
--- Comment #2 from xiechengliang <xiechengliang1 at huawei.com> ---
Possible fix:
diff --git a/miscutils/bc.c b/miscutils/bc.c
index ab785bbc8..44e55eeea 100644
--- a/miscutils/bc.c
+++ b/miscutils/bc.c
@@ -3048,16 +3048,16 @@ static BC_STATUS zxc_lex_next(void)
if (peek_inbuf() == '\0')
RETURN_STATUS(BC_STATUS_SUCCESS);
}
- p->lex_next_at = p->lex_inbuf;
- dbg_lex("next string to parse:'%.*s'",
- (int)(strchrnul(p->lex_next_at, '\n') - p->lex_next_at),
- p->lex_next_at
- );
if (IS_BC) {
IF_BC(s = zbc_lex_token());
} else {
IF_DC(s = zdc_lex_token());
}
+ p->lex_next_at = p->lex_inbuf;
+ dbg_lex("next string to parse:'%.*s'",
+ (int)(strchrnul(p->lex_next_at, '\n') - p->lex_next_at),
+ p->lex_next_at
+ );
} while (!s && p->lex == XC_LEX_WHITESPACE);
dbg_lex("p->lex from string:%d", p->lex);
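Review bot: Moving `p->lex_next_at = p->lex_inbuf;` below the `zbc_lex_token()` / `zdc_lex_token()` call changes what the field holds. Assuming the lexers advance `p->lex_inbuf`, it now records the position after the consumed token rather than where that token began. The code that reads `lex_next_at` is outside this hunk, so each reader should be checked for which meaning it expects; otherwise the fix may trade the use-after-free for a silently wrong position. If the stale pointer arises because the token lexer can free or replace the input buffer (an inference from the bug title, not visible here), the new placement deserves a comment such as `/* taken after lexing: the token lexer may replace the input buffer */`. The `dbg_lex` text "next string to parse" also becomes misleading, since it now prints after the token has been lexed. The body of `zxc_lex_next` starts and ends outside the hunk.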