• use wdcopy() not str_save() to duplicate an “encoded string”, whatever
• prevent out-of-bounds memory access, cought by glibc malloc on IA-64
This commit is contained in:
7
eval.c
7
eval.c
@@ -2,7 +2,7 @@
|
||||
|
||||
#include "sh.h"
|
||||
|
||||
__RCSID("$MirOS: src/bin/mksh/eval.c,v 1.24 2007/03/04 03:04:24 tg Exp $");
|
||||
__RCSID("$MirOS: src/bin/mksh/eval.c,v 1.25 2007/03/14 02:41:08 tg Exp $");
|
||||
|
||||
#ifdef MKSH_SMALL
|
||||
#define MKSH_NOPWNAM
|
||||
@@ -279,10 +279,11 @@ expand(const char *cp, /* input word */
|
||||
char *beg, *end, *str;
|
||||
|
||||
sp = varname - 2; /* restore sp */
|
||||
end = (beg = str_save(sp, ATEMP)) +
|
||||
end = (beg = wdcopy(sp, ATEMP)) +
|
||||
(wdscan(sp, CSUBST) - sp);
|
||||
/* ({) the } or x is already skipped */
|
||||
*end = EOS;
|
||||
if (end < wdscan(beg, EOS))
|
||||
*end = EOS;
|
||||
str = snptreef(NULL, 64, "%S", beg);
|
||||
afree(beg, ATEMP);
|
||||
errorf("%s: bad substitution", str);
|
||||
|
Reference in New Issue
Block a user