On Fri, Nov 21, 2008 at 10:08 AM, Natanael Copa <[EMAIL PROTECTED]> wrote: > On Fri, 2008-11-21 at 10:54 +0200, Timo Teräs wrote: >> Looks like ash was broken in commit r23583 where the node type defines >> were changed, but related arrays were not updated. Especially the node >> size table which affects size calculations was left out, thus all kind >> of funny things such as memory corruption can happen. >> >> Please try the below patch: >> >> Index: shell/ash.c >> =================================================================== >> --- shell/ash.c (revision 24107) >> +++ shell/ash.c (working copy) >> @@ -7556,7 +7556,7 @@ >> #define EV_TESTED 02 /* exit status is checked; ignore -e flag */ >> #define EV_BACKCMD 04 /* command executing within back quotes */ >> >> -static const short nodesize[26] = { >> +static const short nodesize[27] = { >> SHELL_ALIGN(sizeof(struct ncmd)), >> SHELL_ALIGN(sizeof(struct npipe)), >> SHELL_ALIGN(sizeof(struct nredir)), >> @@ -7578,6 +7578,7 @@ >> SHELL_ALIGN(sizeof(struct nfile)), >> SHELL_ALIGN(sizeof(struct nfile)), >> SHELL_ALIGN(sizeof(struct nfile)), >> + SHELL_ALIGN(sizeof(struct nfile)), >> SHELL_ALIGN(sizeof(struct ndup)), >> SHELL_ALIGN(sizeof(struct ndup)), >> SHELL_ALIGN(sizeof(struct nhere)),
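Review bot: in the first hunk the array length is still a hand-maintained literal, `nodesize[27]`, so the next change to the node type defines can leave the table short again with no compiler diagnostic. Consider dropping the explicit length and adding a compile-time check that the element count equals the number of node types, so a mismatch fails the build instead of skewing size calculations at run time.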
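Review bot: in the second hunk the added `SHELL_ALIGN(sizeof(struct nfile)),` is one of four identical consecutive rows, and nothing on the line says which node type it sizes, so its position cannot be checked against the defines from the diff alone. A trailing comment naming the node type on each row of the table would make a missing or misplaced entry visible in review.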
Crap! :( Yes, seems like I broke it.

> wow! nasty one. you're the man!

Yes. Thanks Timo! That was a very, very non-obvious one. Grepping for NTO would not catch its implicit usage in nodesize[]. There are no checks for misplaced sizeof in the array. I made it a bit less obscure in the patch...

> nc svn # ./busybox ash -c "f() { ! false && echo foo; }; f"
> foo
>
> This patch should be added to fixes 1.13.0

http://busybox.net/downloads/fixes-1.13.0/busybox-1.13.0-ash.patch
--
vda
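The failure discussed in this thread (a size table indexed by node type drifting out of sync with the type defines) can be made to fail loudly. The following is an added illustration, not the BusyBox code or the patch referenced above; the enum, struct, macro and function names are all hypothetical.

```c
#include <stddef.h>

/* Hypothetical node types for illustration; not the ash definitions. */
enum node_type { N_CMD, N_PIPE, N_TO, N_CLOBBER, N_FROM, N_DUP, N_TYPE_COUNT };

struct n_cmd  { int type; void *args; void *redirect; };
struct n_pipe { int type; int backgnd; void *cmdlist; };
struct n_file { int type; void *next; int fd; void *fname; };
struct n_dup  { int type; void *next; int fd; int dupfd; };

#define ALIGN_UP(n) (((n) + sizeof(void *) - 1) & ~(sizeof(void *) - 1))

/* Each size is bound to its type by name, and the length is left to the compiler. */
static const unsigned short node_size[] = {
    [N_CMD]     = ALIGN_UP(sizeof(struct n_cmd)),
    [N_PIPE]    = ALIGN_UP(sizeof(struct n_pipe)),
    [N_TO]      = ALIGN_UP(sizeof(struct n_file)),
    [N_CLOBBER] = ALIGN_UP(sizeof(struct n_file)),
    [N_FROM]    = ALIGN_UP(sizeof(struct n_file)),
    [N_DUP]     = ALIGN_UP(sizeof(struct n_dup)),
};

/* Fails the build if a type is appended to the enum without a table row. */
_Static_assert(sizeof(node_size) / sizeof(node_size[0]) == N_TYPE_COUNT,
               "node_size[] is out of sync with enum node_type");

/* A type inserted mid-enum without a row leaves a zero hole; catch that at startup. */
static int node_table_is_complete(void)
{
    for (int t = 0; t < N_TYPE_COUNT; t++)
        if (node_size[t] == 0)
            return 0;
    return 1;
}

/* Bounds-checked lookup: 0 means "unknown type", never an out-of-range read. */
static size_t node_size_of(int type)
{
    if (type < 0 || type >= N_TYPE_COUNT)
        return 0;
    return node_size[type];
}

int main(void)
{
    return (node_table_is_complete() && node_size_of(N_TO) != 0) ? 0 : 1;
}
```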