On 18 Jan., 04:41, Cameron Hutchison <c...@camh.ch> wrote:
> Configuration Information [Automatically generated, do not change]:
> Machine: x86_64
> OS: linux-gnu
> Compiler: gcc
> Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64'
> -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-pc-linux-gnu'
> -DCONF_VENDOR='pc' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -DSHELL
> -DHAVE_CONFIG_H -I. -I../bash -I../bash/include -I../bash/lib -g -O2
> -Wall
> uname output: Linux balrog 2.6.37-balrog-1-00002-gaf41dc2 #2 SMP PREEMPT Tue
> Jan 18 11:16:08 EST 2011 x86_64 GNU/Linux
> Machine Type: x86_64-pc-linux-gnu
>
> Bash Version: 4.1
> Patch Level: 5
> Release Status: release
>
> Description:
> Prompt expansion of \W sometimes produces garbage prompts.
>
> Repeat-By:
> $ PS1='\W$ '
> ~$ cd /home
> hmee$ cd /proc
> pocc$ cd /lib32
> li332$
>
> Fix:
> In parse.y : decode_prompt_string() in the 'W' case, it uses strcpy
> to copy the basename of the path to the beginning of the string.
> For short strings, the src and dest args to strcpy may overlap
> which is not supported by strcpy.
>
> memmove should be used instead.
>
> change
> strcpy (t_string, t + 1);
> to
> memmove (t_string, t + 1, strlen(t + 1) + 1);
>
> (untested)
Hello Cameron,
you are right, but you'd copy to many characters, here is my tested
version and patch:
To: bug-bash@gnu.org
Subject: Corrupt prompt string using '\W' within PS1
Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64' -
DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-unknown-linux-gnu' -
DCONF_VENDOR='unknown' -DLOCALEDIR='/usr/local/share/locale' -
DPACKAGE='bash' -DSHELL -DHAVE_CONFIG_H -I. -I. -I./include -I./
lib -g -O2
uname output: Linux gold 2.6.32-5-amd64 #1 SMP Fri Dec 10 15:35:08 UTC
2010 x86_64 GNU/Linux
Machine Type: x86_64-unknown-linux-gnu
Bash Version: 4.1
Patch Level: 9
Release Status: release
Description:
Corrupt prompt string using the backslash-escaped special character
'\W'
Repeat-By:
When executing interactively bash displays the following sequence:
bash-4.1$ cd /
bash-4.1$ PS1="\W \$ "
/ $ cd home
hmee $ cd /media
meiia $
Fix:
Inside 'y.tab.c' the use of strcpy is in undefined behavior.
The 't_string' and 't' objects overlaps. Using the memmove,
copying takes place as if an intermediate buffer was used,
allowing the destination and source to overlap.
Regards,
Thomas Kuschel, oe6tkt
--- old/y.tab.c 2009-12-30 18:52:02.000000000 +0100
+++ y.tab.c 2011-02-11 12:36:45.682266575 +0100
@@ -7481,7 +7481,10 @@ decode_prompt_string (string)
{
t = strrchr (t_string, '/');
if (t)
- strcpy (t_string, t + 1);
+ /* strcpy: If copying takes place between objects
that overlap,
+ the behavior is undefined.
+ strcpy (t_string, t + 1); so changed to: */
+ memmove (t_string; t + 1, strlen (t));
}
}
#undef ROOT_PATH
