From 215b0ca6e4fe466c6942d21a1bba62d97f2d5e5d Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Fri, 19 Aug 2016 18:23:56 +0200 Subject: hush: fix a bug in FEATURE_SH_STANDALONE=y config. Closes 9186 Run this in a "sh SCRIPT": sha256sum /dev/null echo END sha256sum is a NOEXEC applet. It runs in a forked child. Then child exit()s. By this time, entire script is read, and buffered in a FILE object from fopen("SCRIPT"). But fgetc() did not consume entire input. exit() lseeks back by -9 bytes, from to 'e' in 'echo'. (this may be libc-specific). This change of fd position *is shared with the parent*! Now parent can read more, and it thinks there is another "echo END". End result: two "echo END"s are run. Fix this by _exit()ing instead. Signed-off-by: Denys Vlasenko --- libbb/appletlib.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'libbb/appletlib.c') diff --git a/libbb/appletlib.c b/libbb/appletlib.c index c341817e2..f760af2cb 100644 --- a/libbb/appletlib.c +++ b/libbb/appletlib.c @@ -877,7 +877,9 @@ void FAST_FUNC run_applet_no_and_exit(int applet_no, char **argv) } if (ENABLE_FEATURE_SUID) check_suid(applet_no); - exit(applet_main[applet_no](argc, argv)); + xfunc_error_retval = applet_main[applet_no](argc, argv); + /* Note: applet_main() may also not return (die on a xfunc or such) */ + xfunc_die(); } # endif /* NUM_APPLETS > 0 */ -- cgit v1.2.3-55-g6feb From 7f0ebbc69ed14b2f35e8bc62b03612b94e270955 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Mon, 3 Oct 2016 17:42:53 +0200 Subject: hush: add commented-out debug printouts in "memleak" built-in Allocation addresses of malloc() are jittery, thought I had a mem leak in hush, but it was malloc variability. Signed-off-by: Denys Vlasenko --- libbb/appletlib.c | 8 ++++++++ shell/hush.c | 9 +++++++++ 2 files changed, 17 insertions(+) (limited to 'libbb/appletlib.c') diff --git a/libbb/appletlib.c b/libbb/appletlib.c index f760af2cb..2d01a3ae7 100644 --- a/libbb/appletlib.c +++ b/libbb/appletlib.c @@ -942,6 +942,14 @@ int main(int argc UNUSED_PARAM, char **argv) */ mallopt(M_MMAP_THRESHOLD, 32 * 1024 - 256); #endif +#if 0 /*def M_TOP_PAD*/ + /* When the program break is increased, then M_TOP_PAD bytes are added + * to the sbrk(2) request. When the heap is trimmed because of free(3), + * this much free space is preserved at the top of the heap. + * glibc default seems to be way too big: 128k, but need to verify. + */ + mallopt(M_TOP_PAD, 8 * 1024); +#endif #if !BB_MMU /* NOMMU re-exec trick sets high-order bit in first byte of name */ diff --git a/shell/hush.c b/shell/hush.c index 668b1f2b7..9b51f389e 100644 --- a/shell/hush.c +++ b/shell/hush.c @@ -9284,6 +9284,15 @@ static int FAST_FUNC builtin_memleak(char **argv UNUSED_PARAM) if (l < (unsigned long)p) l = (unsigned long)p; free(p); + +# if 0 /* debug */ + { + struct mallinfo mi = mallinfo(); + printf("top alloc:0x%lx malloced:%d+%d=%d\n", l, + mi.arena, mi.hblkhd, mi.arena + mi.hblkhd); + } +# endif + if (!G.memleak_value) G.memleak_value = l; -- cgit v1.2.3-55-g6feb