[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bash-shipped getcwd() replacement does not work on interix.

From: Michael Haubenwallner
Subject: Re: bash-shipped getcwd() replacement does not work on interix.
Date: Fri, 21 Dec 2007 13:51:19 +0100

On Thu, 2007-12-20 at 08:08 -0500, Chet Ramey wrote:
> Michael Haubenwallner wrote:
> > Machine: i586
> > OS: interix5.2
> > Compiler: gcc 
> > Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='i586'
> > -DCONF_OSTYPE='interix5.2' -DCONF_MACHTYPE='i586-pc-interix5.2'
> > -DCONF_VENDOR='pc'
> > -DLOCALEDIR='/tools/snapshot/prefix-launcher-1pre.20071219/i586-pc-interix5.2/share/locale'
> >  -DPACKAGE='bash' 
> > -DLOCAL_PREFIX=/tools/snapshot/prefix-launcher-1pre.20071219/i586-pc-interix5.2
> > -D_POSIX_SOURCE   -I.  
> > -I/tss/prefix-launcher-1pre.20071219/buildroot/bash/bash-3.2 
> > -I/tss/prefix-launcher-1pre.20071219/buildroot/bash/bash-3.2/include 
> > -I/tss/prefix-launcher-1pre.20071219/buildroot/bash/bash-3.2/lib   -g -O2
> > uname output: Interix pc312001 5.2 SP-9.0.3790.3034 x86
> > Intel_x86_Family6_Model15_Stepping6
> > Machine Type: i586-pc-interix5.2
> > 
> > Bash Version: 3.2 
> > Patch Level: 33
> > Release Status: release
> > 
> > Description:
> >     Bash uses getcwd-replacement if libc provides getcwd without the
> >     feature of allocating the buffer when called without one.
> >     This override is done in config-bot.h, with an exception for
> >     solaris already.
> >     Problem now is that getcwd-replacement does not work on Interix
> >     (SUA 5.2 here).
> I'd be more interested in knowing why it doesn't work in this case,
> instead of discarding it.  Since I neither have nor use Interix, I
> need someone who does to investigate the issue a little bit.

It is because readdir() returns 0 (zero) for (struct dirent).(d_ino),
while stat() returns useful values for (struct stat).(st_ino), so their 
equal-comparison never succeeds.

Now, while trying to get inode number from stat() rather than readdir(),
I've seen another bug unrelated to readdir()/stat(), but still in
getcwd() replacement, causing a coredump here.

It is with the memcpy() from the internal buffer to the allocated return
buffer, but only when there is a minimal buffer size specified - wth. is
this done in get_working_directory() when GETCWD_BROKEN is defined:
Does Solaris (config-bot.h) allocate the buffer when a size is passed ?

Attached patch fixes this one issue, by still allocating at least
provided buffer size, but doing the memcpy with real path length.
When done with buffer size, memcpy reads beyond the end of the source
buffer on the stack. The SIGSEGV was caused here because it has read
beyond the whole stack frame page.

Michael Haubenwallner
Gentoo on a different level

Attachment: bash-32-getcwd-memcpy.patch
Description: Text Data

reply via email to

[Prev in Thread] Current Thread [Next in Thread]