On Fri, Nov 21, 2008 at 10:08 AM, Natanael Copa <[EMAIL PROTECTED]> wrote:
> On Fri, 2008-11-21 at 10:54 +0200, Timo Teräs wrote:
>> Looks like ash was broken in commit r23583 where the node type defines
>> were changed, but related arrays were not updated. Especially the node
>> size table which affects size calculations was left out, thus all kinds
>> of funny things such as memory corruption can happen.
>>
>> Please try the below patch:
>>
>> Index: shell/ash.c
>> ===================================================================
>> --- shell/ash.c       (revision 24107)
>> +++ shell/ash.c       (working copy)
>> @@ -7556,7 +7556,7 @@
>>  #define EV_TESTED 02            /* exit status is checked; ignore -e flag */
>>  #define EV_BACKCMD 04           /* command executing within back quotes */
>>
>> -static const short nodesize[26] = {
>> +static const short nodesize[27] = {
>>       SHELL_ALIGN(sizeof(struct ncmd)),
>>       SHELL_ALIGN(sizeof(struct npipe)),
>>       SHELL_ALIGN(sizeof(struct nredir)),
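
Review bot: the literal length in `static const short nodesize[27]` still has to be bumped by hand whenever a node type is added, which is the step that was missed here. With an explicit length, a missing initializer does not produce a compile error; the trailing element is silently zero-filled and the size calculation quietly uses 0. Consider declaring it as `nodesize[]` and adding a compile-time check that the element count equals the number of node types, so a forgotten entry fails the build.
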
>> @@ -7578,6 +7578,7 @@
>>       SHELL_ALIGN(sizeof(struct nfile)),
>>       SHELL_ALIGN(sizeof(struct nfile)),
>>       SHELL_ALIGN(sizeof(struct nfile)),
>> +     SHELL_ALIGN(sizeof(struct nfile)),
>>       SHELL_ALIGN(sizeof(struct ndup)),
>>       SHELL_ALIGN(sizeof(struct ndup)),
>>       SHELL_ALIGN(sizeof(struct nhere)),
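
Review bot: the added `SHELL_ALIGN(sizeof(struct nfile))` line is indistinguishable from the three identical entries above it, so a reader cannot tell which node type it belongs to or whether it was inserted at the right position. Since the table is purely positional, please annotate each entry with a trailing comment naming its node type, or use designated initializers keyed on the node type define, so that a grep for the define also finds its slot in this table.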

Crap! :( Yes, seems like I broke it.

> wow! nasty one. you're the man!

Yes. Thanks Timo! That was a very, very non-obvious one.
Grepping for NTO would not catch its implicit usage
in nodesize[]. There are no checks for misplaced sizeof
in the array.

I made it a bit less obscure in the patch...

> nc svn # ./busybox ash -c "f() { ! false && echo foo; }; f"
> foo
>
> This patch should be added to fixes 1.13.0

http://busybox.net/downloads/fixes-1.13.0/busybox-1.13.0-ash.patch

--
vda
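
The failure mode discussed in this thread (a size table indexed implicitly by node type, with nothing checking it against the list of types) can be ruled out at compile time. The following is an added example, not code from BusyBox or from the patch above; the struct layouts, the `N_*` names, `NODE_TYPES`, `ALIGN_UP` and `node_size()` are constructed for illustration.

```c
#include <stddef.h>

/* Constructed stand-ins for the shell's node structs (not the real layouts). */
struct ncmd  { int type; void *args; void *redirect; };
struct npipe { int type; int backgnd; void *cmdlist; };
struct nfile { int type; void *next; int fd; void *fname; };
struct ndup  { int type; void *next; int fd; int dupfd; };
struct nnot  { int type; void *com; };

/* Single list: every node type is named once, next to the struct it uses.
 * Adding a type here updates the enum and the size table together. */
#define NODE_TYPES(X) \
	X(N_CMD,     struct ncmd)  \
	X(N_PIPE,    struct npipe) \
	X(N_TO,      struct nfile) \
	X(N_CLOBBER, struct nfile) \
	X(N_TOFD,    struct ndup)  \
	X(N_NOT,     struct nnot)

#define ALIGN_UP(n) (((n) + sizeof(void *) - 1) & ~(sizeof(void *) - 1))

#define AS_ENUM(name, type) name,
enum node_type { NODE_TYPES(AS_ENUM) N_TYPE_COUNT };

/* Designated initializers: a slot is tied to its type name, not its position. */
#define AS_SIZE(name, type) [name] = (short)ALIGN_UP(sizeof(type)),
static const short node_size_tab[] = { NODE_TYPES(AS_SIZE) };

#define TAB_LEN (sizeof(node_size_tab) / sizeof(node_size_tab[0]))
_Static_assert(TAB_LEN == (size_t)N_TYPE_COUNT,
               "size table out of sync with node types");

/* Returns the aligned size for a node type, or 0 for an unknown type,
 * instead of reading past the end of the table. */
static size_t node_size(int type)
{
	if (type < 0 || type >= N_TYPE_COUNT)
		return 0;
	return (size_t)node_size_tab[type];
}

int main(void)
{
	/* A type value past the last entry is rejected, not looked up. */
	return node_size(N_TYPE_COUNT) == 0 ? 0 : 1;
}
```

A caller that copies or allocates nodes should treat a return value of 0 as an error rather than as a valid size.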