bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PS1 expansion of \W incorrect for short paths


From: oe6tkt
Subject: Re: PS1 expansion of \W incorrect for short paths
Date: Fri, 11 Feb 2011 04:49:51 -0800 (PST)
User-agent: G2/1.0

On 18 Jan., 04:41, Cameron Hutchison <address@hidden> wrote:
> Configuration Information [Automatically generated, do not change]:
> Machine: x86_64
> OS: linux-gnu
> Compiler: gcc
> Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64' 
> -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-pc-linux-gnu' 
> -DCONF_VENDOR='pc' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -DSHELL 
> -DHAVE_CONFIG_H   -I.  -I../bash -I../bash/include -I../bash/lib   -g -O2 
> -Wall
> uname output: Linux balrog 2.6.37-balrog-1-00002-gaf41dc2 #2 SMP PREEMPT Tue 
> Jan 18 11:16:08 EST 2011 x86_64 GNU/Linux
> Machine Type: x86_64-pc-linux-gnu
>
> Bash Version: 4.1
> Patch Level: 5
> Release Status: release
>
> Description:
>         Prompt expansion of \W sometimes produces garbage prompts.
>
> Repeat-By:
>         $ PS1='\W$ '
>         ~$ cd /home
>         hmee$ cd /proc
>         pocc$ cd /lib32
>         li332$
>
> Fix:
>         In parse.y : decode_prompt_string() in the 'W' case, it uses strcpy
>         to copy the basename of the path to the beginning of the string.
>         For short strings, the src and dest args to strcpy may overlap
>         which is not supported by strcpy.
>
>         memmove should be used instead.
>
>         change
>                 strcpy (t_string, t + 1);
>         to
>                 memmove (t_string, t + 1, strlen(t + 1) + 1);
>
>         (untested)

Hello Cameron,

you are right, but you'd copy to many characters, here is my tested
version and patch:

To: address@hidden
Subject: Corrupt prompt string using '\W' within PS1

Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64' -
DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-unknown-linux-gnu' -
DCONF_VENDOR='unknown' -DLOCALEDIR='/usr/local/share/locale' -
DPACKAGE='bash' -DSHELL -DHAVE_CONFIG_H   -I.  -I. -I./include -I./
lib   -g -O2
uname output: Linux gold 2.6.32-5-amd64 #1 SMP Fri Dec 10 15:35:08 UTC
2010 x86_64 GNU/Linux
Machine Type: x86_64-unknown-linux-gnu

Bash Version: 4.1
Patch Level: 9
Release Status: release

Description:
        Corrupt prompt string using the backslash-escaped special character
'\W'

Repeat-By:
        When executing interactively bash displays the following sequence:
          bash-4.1$ cd /
          bash-4.1$ PS1="\W \$ "
          / $ cd home
          hmee $ cd /media
          meiia $

Fix:
        Inside 'y.tab.c' the use of strcpy is in undefined behavior.
        The 't_string' and 't' objects overlaps. Using the memmove,
        copying takes place as if an intermediate buffer was used,
        allowing the destination and source to overlap.
        Regards,
        Thomas Kuschel, oe6tkt

--- old/y.tab.c 2009-12-30 18:52:02.000000000 +0100
+++ y.tab.c     2011-02-11 12:36:45.682266575 +0100
@@ -7481,7 +7481,10 @@ decode_prompt_string (string)
                      {
                        t = strrchr (t_string, '/');
                        if (t)
-                         strcpy (t_string, t + 1);
+                         /* strcpy: If copying takes place between objects 
that overlap,
+                            the behavior is undefined.
+                               strcpy (t_string, t + 1); so changed to: */
+                         memmove (t_string; t + 1, strlen (t));
                      }
                  }
 #undef ROOT_PATH


reply via email to

[Prev in Thread] Current Thread [Next in Thread]