Cristian
8.patch [^] (1,286 bytes) 07-14-08 22:21 
| Anonymous | Login | Signup for a new account | 11-10-2008 12:29 PST |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
| 0004124 | [BusyBox] Other | minor | always | 07-14-08 19:48 | 07-15-08 23:49 | ||||
| Reporter | cristic | View Status | public | ||||||
| Assigned To | BusyBox | ||||||||
| Priority | normal | Resolution | fixed | ||||||
| Status | closed | Product Version | |||||||
| Summary | 0004124: ls --color reads uninitialized memory | ||||||||
| Description |
Hello, "ls --color" in busybox-1.11.1 reads uninitialized memory. The --color option requires an argument in busybox, but busybox-1.11.1 does not validate this. Thus, in ls.c, color_opt points to garbage memory, and the strcmp() calls on lines 895, 897 and 899 in ls.c may read unitialized memory. GNU coreutils assumes "always" when no argument is passed to color. Cristian |
||||||||
| Additional Information | |||||||||
| Attached Files |
8.patch [^] (1,286 bytes) 07-14-08 22:21 |
||||||||
|
|
|||||||||
 Relationships |
|
|
Notes |
|
|
(0009314) vda 07-14-08 22:22 |
Please test attached 8.patch |
|
(0009344) cristic 07-15-08 23:23 edited on: 07-15-08 23:29 |
Thanks for the quick fix. This patch looks fine; it does solve the problem with reading uninitialized memory, and our tool hasn't found other memory problems in ls yet (but I'm still running it). One small issue is that the code accepts invalid color attributes, which GNU Coreutils rejects (e.g., ls --color=blah), but this is a minor issue. |
|
(0009354) vda 07-15-08 23:49 |
Fixed in svn. --color=bogus is not a problem, it doesn't break compatibility: I seriously doubt anyone depends on GNU ls erroring out on that. :) |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 07-14-08 19:48 | cristic | New Issue | |
| 07-14-08 19:48 | cristic | Status | new => assigned |
| 07-14-08 19:48 | cristic | Assigned To | => BusyBox |
| 07-14-08 22:21 | vda | File Added: 8.patch | |
| 07-14-08 22:22 | vda | Note Added: 0009314 | |
| 07-15-08 17:22 | cristic | Issue Monitored: cristic | |
| 07-15-08 23:23 | cristic | Note Added: 0009344 | |
| 07-15-08 23:29 | cristic | Note Edited: 0009344 | |
| 07-15-08 23:49 | vda | Status | assigned => closed |
| 07-15-08 23:49 | vda | Note Added: 0009354 | |
| 07-15-08 23:49 | vda | Resolution | open => fixed |
| Copyright © 2000 - 2006 Mantis Group |  |
