authorDenys Vlasenko2016-09-17 20:53:47 +0200
committerDenys Vlasenko2016-09-17 20:53:47 +0200
commit7bc3d39695728c6257a95bc2d75e80d3e2431c8b (patch)
tree4e05b6f94f7f0ab428ed63515d1e888b35e69426
parentd2c5de0130d46e3314908cddb5f831a84a9f9e27 (diff)
ash: add a FIXME for bug 9246
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--shell/ash.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/shell/ash.c b/shell/ash.c
index 789a81c..790367b 100644
--- a/shell/ash.c
+++ b/shell/ash.c
@@ -11659,9 +11659,18 @@ parsebackq: {
str = NULL;
savelen = out - (char *)stackblock();
if (savelen > 0) {
+ /*
+ * FIXME: this can allocate very large block on stack and SEGV.
+ * Example:
+ * echo "..<100kbytes>..`true` $(true) `true` ..."
+ * alocates 100kb for every command subst. With about
+ * a hundred command substitutions stack overflows.
+ * With larger prepended string, SEGV happens sooner.
+ */
str = alloca(savelen);
memcpy(str, stackblock(), savelen);
}
+
if (oldstyle) {
/* We must read until the closing backquote, giving special
* treatment to some slashes, and then push the string and
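Review bot: The `alloca(savelen)` call under the new FIXME is still unbounded: `savelen` comes from `out - (char *)stackblock()`, so the size of the C-stack allocation is set by how much script text precedes the command substitution, and per the comment it is repeated for every substitution in the string. Since this commit only documents the problem, the comment should carry the tracker reference from the subject line and fix the typo, e.g. `* FIXME (bug 9246): this can allocate very large block on stack and SEGV.` and `* allocates 100kb for every command subst. With about`. A real fix would presumably have to keep the saved prefix off the C stack (heap or the shell's own stack allocator) and release it on every exit path, including error exits. The body of `parsebackq` starts and ends outside this hunk, so those paths cannot be checked from here. Until that is done, any script text from an untrusted source that contains a long quoted string with command substitutions should be assumed able to crash the shell.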