diff options
| -rw-r--r-- | shell/ash.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/shell/ash.c b/shell/ash.c index 789a81cc3..790367bd8 100644 --- a/shell/ash.c +++ b/shell/ash.c | |||
| @@ -11659,9 +11659,18 @@ parsebackq: { | |||
| 11659 | str = NULL; | 11659 | str = NULL; |
| 11660 | savelen = out - (char *)stackblock(); | 11660 | savelen = out - (char *)stackblock(); |
| 11661 | if (savelen > 0) { | 11661 | if (savelen > 0) { |
| 11662 | /* | ||
| 11663 | * FIXME: this can allocate very large block on stack and SEGV. | ||
| 11664 | * Example: | ||
| 11665 | * echo "..<100kbytes>..`true` $(true) `true` ..." | ||
| 11666 | * alocates 100kb for every command subst. With about | ||
| 11667 | * a hundred command substitutions stack overflows. | ||
| 11668 | * With larger prepended string, SEGV happens sooner. | ||
| 11669 | */ | ||
| 11662 | str = alloca(savelen); | 11670 | str = alloca(savelen); |
| 11663 | memcpy(str, stackblock(), savelen); | 11671 | memcpy(str, stackblock(), savelen); |
| 11664 | } | 11672 | } |
| 11673 | |||
| 11665 | if (oldstyle) { | 11674 | if (oldstyle) { |
| 11666 | /* We must read until the closing backquote, giving special | 11675 | /* We must read until the closing backquote, giving special |
| 11667 | * treatment to some slashes, and then push the string and | 11676 | * treatment to some slashes, and then push the string and |