[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
strcpy of overlapping memory ranges in prompt expansion
From: |
simon |
Subject: |
strcpy of overlapping memory ranges in prompt expansion |
Date: |
Wed, 3 Jul 2013 22:06:34 +0200 (CEST) |
Configuration Information [Automatically generated, do not change]:
Machine: i386
OS: darwin13.0.0
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='i386'
-DCONF_OSTYPE='darwin13.0.0' -DCONF_MACHTYPE='i386-apple-darwin13.0.0'
-DCONF_VENDOR='apple' -DLOCALEDIR='/usr/local/share/locale' -DPACKAGE='bash'
-DSHELL -DHAVE_CONFIG_H -DMACOSX -I. -I. -I./include -I./lib -I./lib/intl
-I/Users/simon/src/bash-4.2/lib/intl -g -O2
uname output: Darwin darnassus 13.0.0 Darwin Kernel Version 13.0.0: Wed Jun 19
17:59:46 PDT 2013; root:xnu-2422.1.26.0.1~2/RELEASE_X86_64 x86_64
Machine Type: i386-apple-darwin13.0.0
Bash Version: 4.2
Patch Level: 45
Release Status: release
Description:
When using \w in the prompt and changing the directory outside of HOME
bash crashes with an abort trap.
strcpy(3) say src and dst must not overlap. OS X 10.9 checks that on
runtime and forcefully aborts your code if they do.
Repeat-By:
PS1="\w"
cd /
bash exists with an abort trap.
Fix:
Assign the return value from polite_directory_format to a temporary value.
If the pointers are different and only then do a strcpy
--- parse.y.orig 2013-07-03 22:00:42.000000000 +0200
+++ parse.y 2013-07-03 22:02:23.000000000 +0200
@@ -5262,7 +5262,12 @@
else
/* polite_directory_format is guaranteed to return a string
no longer than PATH_MAX - 1 characters. */
- strcpy (t_string, polite_directory_format (t_string));
+ /* polite_directory_format might simply return the pointer
to t_string
+ strcpy(3) tells dst and src may not overlap, OS X 10.9
asserts this and
+ triggers an abort trap if that's the case */
+ temp = polite_directory_format (t_string);
+ if (temp != t_string)
+ strcpy (t_string, temp);
temp = trim_pathname (t_string, PATH_MAX - 1);
/* If we're going to be expanding the prompt string later,
- strcpy of overlapping memory ranges in prompt expansion,
simon <=