• fix ${12345678901234567890} segfault (OOB access / integer overflow)

‣ not like oksh did, but using mksh’s built-in features • handle suggested __pure additions • revert cid 1004F7F096867C83CF0 ‣ always use our wcwidth code ‣ only use our strlcpy code if none found • fix a couple of gcc-snapshot and clang/scan-build warnings • mksh R49~rc1
2014-01-05 21:57:29 +00:00
parent 2f6fa6fb3d
commit 89e774fd7e
13 changed files with 149 additions and 126 deletions
--- a/exec.c
+++ b/exec.c
@ -2,7 +2,7 @@

 /*-
 * Copyright (c) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
- *		 2011, 2012, 2013
+ *		 2011, 2012, 2013, 2014
 *	Thorsten Glaser <tg@mirbsd.org>
 *
 * Provided that these terms and disclaimer and all copyright notices
@ -23,7 +23,7 @@

 #include "sh.h"

-__RCSID("$MirOS: src/bin/mksh/exec.c,v 1.127 2013/10/09 11:59:27 tg Exp $");
+__RCSID("$MirOS: src/bin/mksh/exec.c,v 1.128 2014/01/05 21:57:25 tg Exp $");

 #ifndef MKSH_DEFAULT_EXECSHELL
 #define MKSH_DEFAULT_EXECSHELL	"/bin/sh"
@ -884,14 +884,14 @@ scriptexec(struct op *tp, const char **ap)
 		fd = (char *)cp - buf;		/* either 0 or (if BOM) 3 */

 		/* scan for newline (or CR) or NUL _before_ end of buffer */
-		while ((char *)cp < (buf + sizeof(buf)))
+		while ((size_t)((char *)cp - buf) < sizeof(buf))
 			if (*cp == '\0' || *cp == '\n' || *cp == '\r') {
 				*cp = '\0';
 				break;
 			} else
 				++cp;
 		/* if the shebang line is longer than MAXINTERP, bail out */
-		if ((char *)cp >= (buf + sizeof(buf)))
+		if ((size_t)((char *)cp - buf) >= sizeof(buf))
 			goto noshebang;

 		/* restore begin of shebang position (buf+0 or buf+3) */