0000191: memcpy used on overlapping areas in shell/cmdedit.c

BusyBox Bug and Patch Tracking

Viewing Issue Simple Details [ Jump to Notes ]

[ View Advanced ] [ Issue History ] [ Print ]

Category

Severity

Reproducibility

Date Submitted

Last Update

0000191

[BusyBox] Other

major

always

03-24-05 02:58

08-01-05 11:18

Reporter

hornet

View Status

public

Assigned To

BusyBox

Priority

normal

Resolution

duplicate

Status

closed

Product Version

1.00

Summary

0000191: memcpy used on overlapping areas in shell/cmdedit.c

Description

Using busybox on SH4 platform (STi5528, http://www.superhlinux.com) [^] ash crashes during TAB command line completion (always if used as parameter completion, rarely as command completion).

There is macro in shell/cmdedit.c:

#define collapse_pos(is, in) { \
        memcopy(int_buf+(is), int_buf+(in), (BUFSIZ+1-(is)-(in))*sizeof(int)); \
        memcopy(pos_buf+(is), pos_buf+(in), (BUFSIZ+1-(is)-(in))*sizeof(int)); }

Meantime it is written in memcopy manual:

The memcpy() function copies n bytes from memory area src to memory area dest. THE MEMORY AREAS MAY NOT OVERLAP. Use memmove(3) if the memory areas do overlap.

So, the correct macro is:

#define collapse_pos(is, in) { \
        memmove(int_buf+(is), int_buf+(in), (BUFSIZ+1-(is)-(in))*sizeof(int)); \
        memmove(pos_buf+(is), pos_buf+(in), (BUFSIZ+1-(is)-(in))*sizeof(int)); }

And it solves the problem :-)

Additional Information

Attached Files

Relationships

Notes
(0000116) hornet 03-24-05 03:01	Well. Now I have realized that it is a duplication of http://busybox.net/bugs/view.php?id=54 [^] bug. Pity I have not checked it earlier... :-(

(0000369) pgf 08-01-05 11:18	dup of 54

Issue History
Date Modified	Username	Field	Change
03-24-05 02:58	hornet	New Issue
03-24-05 03:01	hornet	Note Added: 0000116
08-01-05 11:18	pgf	Status	assigned => closed
08-01-05 11:18	pgf	Note Added: 0000369
08-01-05 11:18	pgf	Resolution	open => duplicate