summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSören Tempel2022-02-08 20:29:30 +0100
committerDenys Vlasenko2023-01-05 16:21:48 +0100
commitca96022d6edaaf619324db5a481698231d74d1df (patch)
treec0a2fb98ed87e197681ad935c97222a2e851429a
parentb1884deb514c35289d37e7bfbf23f770b0bd09b3 (diff)
downloadbusybox-ca96022d6edaaf619324db5a481698231d74d1df.zip
busybox-ca96022d6edaaf619324db5a481698231d74d1df.tar.gz
ed: don't use memcpy with overlapping memory regions
The memcpy invocations in the subCommand function, modified by this commit, previously used memcpy with overlapping memory regions. This is undefined behavior. On Alpine Linux, it causes BusyBox ed to crash since we compile BusyBox with -D_FORTIFY_SOURCE=2 and our fortify-headers implementation catches this source of undefined behavior [0]. The issue can only be triggered if the replacement string is the same size or shorter than the old string. Looking at the code, it seems to me that a memmove(3) is what was actually intended here, this commit modifies the code accordingly. [0]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13504 Signed-off-by: Sören Tempel <soeren+git@soeren-tempel.net> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--editors/ed.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/editors/ed.c b/editors/ed.c
index 209ce99..4a84f74 100644
--- a/editors/ed.c
+++ b/editors/ed.c
@@ -720,7 +720,7 @@ static void subCommand(const char *cmd, int num1, int num2)
if (deltaLen <= 0) {
memcpy(&lp->data[offset], newStr, newLen);
if (deltaLen) {
- memcpy(&lp->data[offset + newLen],
+ memmove(&lp->data[offset + newLen],
&lp->data[offset + oldLen],
lp->len - offset - oldLen);