From 027fb22e28fecc588d9e088a8d7d77fb63c7dc7b Mon Sep 17 00:00:00 2001 From: Ron Yorston Date: Fri, 16 Aug 2024 12:48:43 +0100 Subject: ash: allow additional element in argv array tryexec() in ash relies on all callers of shellexec() having an additional unused element before the start of its argv array. In busybox-w32 this was not the case when shellexec() was called from forkshell_shellexec(), as only the actual contents of the argv array were copied into the forkshell data block. In practice argv[-1] is only currently used when the 'which' applet is about to be run, so whatever got overwritten (probably cmdtable[30]) was unlikely to matter. Still, let's be correct and allocate the additional element. Adds 16 bytes. --- shell/ash.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/shell/ash.c b/shell/ash.c index 340c7ce2f..94aabbc4c 100644 --- a/shell/ash.c +++ b/shell/ash.c @@ -16791,7 +16791,8 @@ argv_size(struct datasize ds, char **p) ds.funcstringsize += align_len(*p); p++; } - ds.funcblocksize += sizeof(char *); + // Allow for argv[-1] used by tryexec(). + ds.funcblocksize += 2 * sizeof(char *); } return ds; } @@ -16805,6 +16806,8 @@ argv_copy(char **p) #endif if (p) { + // argv[-1] for tryexec() + funcblock = (char *) funcblock + sizeof(char *); while (*p) { new = funcblock; funcblock = (char *) funcblock + sizeof(char *); @@ -16815,7 +16818,7 @@ argv_copy(char **p) new = funcblock; funcblock = (char *) funcblock + sizeof(char *); *new = NULL; - return start; + return start + 1; } return NULL; } -- cgit v1.2.3-55-g6feb