Pinging again as this is still unfixed and the proposed fix is rather trivial.
Sören Tempel <soe...@soeren-tempel.net> wrote: > Ping. > > soe...@soeren-tempel.net wrote: > > From: Sören Tempel <soeren+...@soeren-tempel.net> > > > > The memcpy invocations in the subCommand function, modified by this > > commit, previously used memcpy with overlapping memory regions. This is > > undefined behavior. On Alpine Linux, it causes BusyBox ed to crash since > > we compile BusyBox with -D_FORTIFY_SOURCE=2 and our fortify-headers > > implementation catches this source of undefined behavior [0]. The issue > > can only be triggered if the replacement string is the same size or > > shorter than the old string. > > > > Looking at the code, it seems to me that a memmove(3) is what was > > actually intended here, this commit modifies the code accordingly. > > > > [0]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13504 > > --- > > editors/ed.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/editors/ed.c b/editors/ed.c > > index 209ce9942..4a84f7433 100644 > > --- a/editors/ed.c > > +++ b/editors/ed.c > > @@ -720,7 +720,7 @@ static void subCommand(const char *cmd, int num1, int > > num2) > > if (deltaLen <= 0) { > > memcpy(&lp->data[offset], newStr, newLen); > > if (deltaLen) { > > - memcpy(&lp->data[offset + newLen], > > + memmove(&lp->data[offset + newLen], > > &lp->data[offset + oldLen], > > lp->len - offset - oldLen); > > > > _______________________________________________ > > busybox mailing list > > busybox@busybox.net > > http://lists.busybox.net/mailman/listinfo/busybox > _______________________________________________ > busybox mailing list > busybox@busybox.net > http://lists.busybox.net/mailman/listinfo/busybox _______________________________________________ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
