Follow-up Comment #1, bug #65588 (group make): A buffer overflow occurs in oneshell mode when shellflags contains characters special to shell.
    $ cat makefile
    .ONESHELL:
    .SHELLFLAGS:=hello'
    all:;:
    $ make
    Aborted (core dumped)

In oneshell mode construct_command_argv_internal wants to store in argv[0] the value of shell, followed by shellflags, followed by the command line. construct_command_argv_internal preallocates memory with

    nextp = new_argv[0] = xmalloc (shell_len + sflags_len + line_len + 3);

construct_command_argv_internal is then used recursively to construct argv from shellflags. If shellflags contains characters special to shell, then this recursive call does the so-called slow mode and constructs argv of "/bin/sh", "-c", and the value of shellflags. One problem is that the top construct_command_argv_internal never allocated room for the "/bin/sh" and "-c".

Aside from the overflow, it is incorrect to prepend "/bin/sh" and "-c" to shellflags. Preallocating more room in top construct_command_argv_internal can solve the overflow, but the resultant command line stays incorrect, because shellflags were not supposed to carry "/bin/sh" and "-c".

This fix parses shellflags without help from construct_command_argv_internal and lets shellflags carry quoted tokens in oneshell mode, even when special characters are present.

The fix is split into 2 parts to simplify review. Part1 is refactoring which allows avoiding multiple redundant if checks. Part2 is the actual fix and is supposed to be applied after part1.

Tested on linux-x86, sunos-sparc and aix-powerpc, all 64 and 32 bits.

_______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?65588>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
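Added example, not GNU Make's code and not the reporter's patch: a simplified C model of the sizing mismatch the comment describes. It assumes argv[0] holds each token NUL-terminated back to back, that any shell-special character forces the slow-mode "/bin/sh" "-c" prefix, and it sizes the defensive version from the tokens actually produced rather than from the raw lengths.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the oneshell argv[0] sizing from the report.
   This is NOT GNU Make's code: the token layout and the set of
   characters that trigger slow mode are assumptions for illustration. */

/* Model of the slow-mode decision: any shell-special character. */
static bool needs_slow_mode(const char *s)
{
    return strpbrk(s, "'\"`$\\;&|<>*?()[]{}#~") != NULL;
}

/* Allocation from the report: shell_len + sflags_len + line_len + 3,
   i.e. room for shell, the raw flags and the line, each NUL-terminated. */
size_t preallocated_bytes(const char *shell, const char *flags, const char *line)
{
    return strlen(shell) + strlen(flags) + strlen(line) + 3;
}

/* Bytes the copy actually writes: shell and line, plus the flag tokens.
   In slow mode the recursive parse yields "/bin/sh", "-c", flags, so two
   extra tokens (and their NULs) appear that were never budgeted.
   Sizing the buffer from this value is the defensive approach: count
   the tokens first, allocate second. */
size_t required_bytes(const char *shell, const char *flags, const char *line)
{
    size_t n = strlen(shell) + 1 + strlen(line) + 1;
    if (needs_slow_mode(flags))
        n += strlen("/bin/sh") + 1 + strlen("-c") + 1;
    n += strlen(flags) + 1;
    return n;
}

/* Bytes by which the copy would run past the allocation (0 = fits). */
size_t oneshell_overflow_bytes(const char *shell, const char *flags, const char *line)
{
    size_t need = required_bytes(shell, flags, line);
    size_t have = preallocated_bytes(shell, flags, line);
    return need > have ? need - have : 0;
}

int main(void)
{
    /* The makefile from the report: .SHELLFLAGS:=hello' and recipe ":" */
    printf("overflow by %zu bytes\n",
           oneshell_overflow_bytes("/bin/sh", "hello'", ":"));
    return 0;
}
```

With plain flags such as "-c" the two sizes agree; with the report's "hello'" the model shows the copy exceeding the allocation by exactly the bytes of the unbudgeted "/bin/sh" and "-c" tokens.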