On Tuesday 19 August 2008 22:21, Cristian Cadar wrote:
> http://bugs.busybox.net/view.php?id=4664
>
> ./ping6 -
> accesses invalid memory
>
> First, it calls ping6_main(argc=2, argv={"ping6", "-", 0}):
>
> int ping6_main(int argc, char **argv)
> {
> argv[0] = (char*)"-6";
> return ping_main(argc + 1, argv - 1);
> }
>
> ping_main then calls getopt32(argv, ...) which illegally dereferences
> argv[0], that is, the old argv[-1], on line getopt32.c:347:
>
> 346: argc = 0;
> 347: while (argv[argc])
> 348: argc++;
Try this fix:
/* skip 0: some applets cheat: they do not actually HAVE argv[0] */
argc = 1;
while (argv[argc])
argc++;
--
vda
_______________________________________________
busybox mailing list
[email protected]
http://busybox.net/cgi-bin/mailman/listinfo/busybox
