ash: allow additional element in argv array

tryexec() in ash relies on all callers of shellexec() having an
additional unused element before the start of its argv array.

In busybox-w32 this was not the case when shellexec() was called
from forkshell_shellexec(), as only the actual contents of the
argv array were copied into the forkshell data block.  In practice
argv[-1] is only currently used when the 'which' applet is about
to be run, so whatever got overwritten (probably cmdtable[30])
was unlikely to matter.

Still, let's be correct and allocate the additional element.

Adds 16 bytes.

1 files changed, 5 insertions, 2 deletions

diff --git a/shell/ash.c b/shell/ash.c
index 340c7ce2f..94aabbc4c 100644
--- a/shell/ash.c
+++ b/shell/ash.c
@@ -16791,7 +16791,8 @@ argv_size(struct datasize ds, char **p)
                         ds.funcstringsize += align_len(*p);
                         p++;
                 }
-                ds.funcblocksize += sizeof(char *);
+                // Allow for argv[-1] used by tryexec().
+                ds.funcblocksize += 2 * sizeof(char *);
         }
         return ds;
 }
@@ -16805,6 +16806,8 @@ argv_copy(char **p)
 #endif
 
         if (p) {
+                // argv[-1] for tryexec()
+                funcblock = (char *) funcblock + sizeof(char *);
                 while (*p) {
                         new = funcblock;
                         funcblock = (char *) funcblock + sizeof(char *);
@@ -16815,7 +16818,7 @@ argv_copy(char **p)
                 new = funcblock;
                 funcblock = (char *) funcblock + sizeof(char *);
                 *new = NULL;
-                return start;
+                return start + 1;
         }
         return NULL;
 }