diff options
authorColin Watson <>2010-04-26 12:21:27 (GMT)
committerDenys Vlasenko <>2010-04-26 12:21:27 (GMT)
commit3963d943f8a9b4ef89f000b5e1424e63dba920f5 (patch)
parent920185c69ac9addf06cb47a0f2336e075d6dacb2 (diff)
ash: refresh stack pointers after makestrspace in rmescapes
Without this, rmescapes sometimes returns random garbage while performing parameter expansions such as ${foo#bar}, in the event that the allocation of r happens to need to reallocate the stack and hence invalidate str and p. I'd love to provide a test case but unfortunately it's dependent on exact stack layout, so I don't have anything simpler than the situation described in which involved a sequence of foo="${foo#*, }" expansions on a long string inside our RAID configuration tool. The same fix has been in dash since 2007-09-26, contributed by Roy Marples <>. I actually came up with it independently almost to the character, but then synced it up with the variable naming used in dash when I noticed that change afterwards. Signed-off-by: Colin Watson <> Signed-off-by: Denys Vlasenko <>
1 files changed, 4 insertions, 0 deletions
diff --git a/shell/ash.c b/shell/ash.c
index 9d55f89..ec5e0b8 100644
--- a/shell/ash.c
+++ b/shell/ash.c
@@ -5425,7 +5425,11 @@ rmescapes(char *str, int flag)
size_t fulllen = len + strlen(p) + 1;
if (flag & RMESCAPE_GROW) {
+ int strloc = str - (char *)stackblock();
r = makestrspace(fulllen, expdest);
+ /* p and str may be invalidated by makestrspace */
+ str = (char *)stackblock() + strloc;
+ p = str + len;
} else if (flag & RMESCAPE_HEAP) {
r = ckmalloc(fulllen);
} else {