mirror of
https://github.com/dslm4515/BMLFS.git
synced 2025-08-16 16:39:38 +00:00
35 lines
1.4 KiB
Diff
35 lines
1.4 KiB
Diff
From 65bb493f2475368161431ed72816fd0c61e479b1 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
|
|
Date: Tue, 8 Feb 2022 09:29:21 +0100
|
|
Subject: [PATCH] ed: don't use memcpy with overlapping memory regions
|
|
|
|
The memcpy invocations in the subCommand function, modified by this
|
|
commit, previously used memcpy with overlapping memory regions. This is
|
|
undefined behavior. On Alpine Linux, it causes BusyBox ed to crash since
|
|
we compile BusyBox with -D_FORTIFY_SOURCE=2 and our fortify-headers
|
|
implementation catches this source of undefined behavior [0]. The issue
|
|
can only be triggered if the replacement string is the same size or
|
|
shorter than the old string.
|
|
|
|
Looking at the code, it seems to me that a memmove(3) is what was
|
|
actually intended here, this commit modifies the code accordingly.
|
|
|
|
[0]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13504
|
|
---
|
|
editors/ed.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/editors/ed.c b/editors/ed.c
|
|
index 209ce9942..4a84f7433 100644
|
|
--- a/editors/ed.c
|
|
+++ b/editors/ed.c
|
|
@@ -720,7 +720,7 @@ static void subCommand(const char *cmd, int num1, int num2)
|
|
if (deltaLen <= 0) {
|
|
memcpy(&lp->data[offset], newStr, newLen);
|
|
if (deltaLen) {
|
|
- memcpy(&lp->data[offset + newLen],
|
|
+ memmove(&lp->data[offset + newLen],
|
|
&lp->data[offset + oldLen],
|
|
lp->len - offset - oldLen);
|
|
|