aboutsummaryrefslogtreecommitdiff
path: root/shell/ash.c
diff options
context:
space:
mode:
authorDenys Vlasenko <vda.linux@googlemail.com>2016-09-17 20:53:47 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2016-09-17 20:53:47 +0200
commit7bc3d39695728c6257a95bc2d75e80d3e2431c8b (patch)
tree4e05b6f94f7f0ab428ed63515d1e888b35e69426 /shell/ash.c
parentd2c5de0130d46e3314908cddb5f831a84a9f9e27 (diff)
downloadbusybox-w32-7bc3d39695728c6257a95bc2d75e80d3e2431c8b.tar.gz
busybox-w32-7bc3d39695728c6257a95bc2d75e80d3e2431c8b.tar.bz2
busybox-w32-7bc3d39695728c6257a95bc2d75e80d3e2431c8b.zip
ash: add a FIXME for bug 9246
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'shell/ash.c')
-rw-r--r--shell/ash.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/shell/ash.c b/shell/ash.c
index 789a81cc3..790367bd8 100644
--- a/shell/ash.c
+++ b/shell/ash.c
@@ -11659,9 +11659,18 @@ parsebackq: {
11659 str = NULL; 11659 str = NULL;
11660 savelen = out - (char *)stackblock(); 11660 savelen = out - (char *)stackblock();
11661 if (savelen > 0) { 11661 if (savelen > 0) {
11662 /*
11663 * FIXME: this can allocate very large block on stack and SEGV.
11664 * Example:
11665 * echo "..<100kbytes>..`true` $(true) `true` ..."
11666 * alocates 100kb for every command subst. With about
11667 * a hundred command substitutions stack overflows.
11668 * With larger prepended string, SEGV happens sooner.
11669 */
11662 str = alloca(savelen); 11670 str = alloca(savelen);
11663 memcpy(str, stackblock(), savelen); 11671 memcpy(str, stackblock(), savelen);
11664 } 11672 }
11673
11665 if (oldstyle) { 11674 if (oldstyle) {
11666 /* We must read until the closing backquote, giving special 11675 /* We must read until the closing backquote, giving special
11667 * treatment to some slashes, and then push the string and 11676 * treatment to some slashes, and then push the string and
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-17 08:42:09 +0000