bug-bash

bash's own getcwd reads uninitialized/nonexistent memory


From: Philippe De Muyter
Subject: bash's own getcwd reads uninitialized/nonexistent memory
Date: Wed, 23 Jan 2008 17:45:25 +0100
User-agent: Mutt/1.4.1i

Configuration Information [Automatically generated, do not change]:
Machine: powerpc
OS: linux-gnuspe
Compiler: powerpc-linuxspe-gcc
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='powerpc' 
-DCONF_OSTYPE='linux-gnuspe' -DCONF_MACHTYPE='powerpc-unknown-linux-gnuspe' 
-DCONF_VENDOR='unknown' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' 
-DSHELL -DHAVE_CONFIG_H   -I.  
-I/archives/meip/devtools/cross-build/src/bash-3.2 
-I/archives/meip/devtools/cross-build/src/bash-3.2/include 
-I/archives/meip/devtools/cross-build/src/bash-3.2/lib   -g -O2
uname output: Linux (none) 2.6.19 #17 Thu Dec 7 11:20:51 CET 2006 ppc GNU/Linux
Machine Type: powerpc-unknown-linux-gnuspe

Bash Version: 3.2
Patch Level: 33
Release Status: release

Description:
        bash's own getcwd reads uninitialized/non-existent memory
        when called as getcwd(0, 4096);
        That made it non-responding when started with linux boot params
        as `init=/bin/sh'.

Repeat-By:
        Compile bash with BROKEN_GETCWD

Fix:
here is a patch :
Summary :
`len' is the real length of the found path
`size' is the size of the requested buffer (4096 above)
the current code allocates max(len, size) and then COPIES MAX(len, size),
which is plain wrong; it should only copy len.
That's what the new code does: it allocates max(len, size) but copies len.

diff -rup -U 10 cross-build/src/bash-3.2/lib/sh/getcwd.c 
cross-build/src/bash-3.2-phdm/lib/sh/getcwd.c
--- cross-build/src/bash-3.2/lib/sh/getcwd.c    2004-07-21 23:15:19.000000000 
+0200
+++ cross-build/src/bash-3.2-fixed/lib/sh/getcwd.c      2008-01-22 
15:32:51.000000000 +0100
@@ -246,23 +246,23 @@ getcwd (buf, size)
   if (pathp == &path[sizeof(path) - 1])
     *--pathp = '/';
 
   if (dotlist != dots)
     free ((PTR_T) dotlist);
 
   {
     size_t len = pathbuf + pathsize - pathp;
     if (buf == NULL)
       {
-       if (len < (size_t) size)
-         len = size;
-       buf = (char *) malloc (len);
+       if ((size_t) size < len)
+         size = len;
+       buf = (char *) malloc (size);
        if (buf == NULL)
          goto lose2;
       }
     else if ((size_t) size < len)
       {
        errno = ERANGE;
        goto lose2;
       }
     (void) memcpy((PTR_T) buf, (PTR_T) pathp, len);
   }
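Review bot: `size = len` in the `buf == NULL` branch stores a size_t into `size`, which the `(size_t) size` casts on the surrounding lines suggest is declared with a different type. A separate local, for example `size_t alloc = (size_t) size < len ? len : (size_t) size;`, passed to malloc would avoid that conversion and leave the parameter unmodified. A short comment above the memcpy stating that len is the number of bytes in the path and size is only the buffer capacity would also record the distinction the old code lost.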


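The copy step described in the summary, modelled as an added example (not part of the original message and not bash's code). The names `arena` and `leaked_bytes`, the buffer sizes and the canary value are constructed for illustration; the path buffer is placed inside a larger array so that the old logic's over-read stays in bounds and can be counted.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATHSIZE 16    /* constructed: small stand-in for getcwd's path buffer */
#define SLACK    64    /* constructed: memory that happens to follow the buffer */
#define CANARY   0xA5  /* marks every byte that is not part of the path */

/* One flat object, so the old logic's over-read stays in bounds here and can
   be observed; in the real function it runs off the end of the path buffer. */
static unsigned char arena[PATHSIZE + SLACK];

/* Mimic the tail of getcwd(NULL, size). fixed == 0 copies max(len, size)
   bytes (old logic); fixed != 0 copies len bytes (patched logic).
   Returns how many non-path bytes ended up in the result, or -1 on error. */
static int leaked_bytes(const char *cwd, size_t size, int fixed)
{
    size_t len = strlen(cwd) + 1;          /* assumed to include the NUL */
    if (len > PATHSIZE)
        return -1;
    size_t off = PATHSIZE - len;           /* pathp: path is right-aligned */
    memset(arena, CANARY, sizeof arena);
    memcpy(arena + off, cwd, len);

    size_t alloc = size < len ? len : size;    /* both versions allocate this */
    size_t ncopy = fixed ? len : alloc;        /* the only difference */
    if (off + ncopy > sizeof arena)
        return -1;                         /* keep the demonstration in bounds */

    unsigned char *buf = calloc(alloc, 1);
    if (buf == NULL)
        return -1;
    memcpy(buf, arena + off, ncopy);

    int leaked = 0;
    for (size_t i = len; i < alloc; i++)
        if (buf[i] == CANARY)
            leaked++;
    free(buf);
    return leaked;
}

int main(void)
{
    printf("old logic:     %d stray bytes\n", leaked_bytes("/tmp", 48, 0));
    printf("patched logic: %d stray bytes\n", leaked_bytes("/tmp", 48, 1));
    return 0;
}
```
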

