From: Akinori MUSHA
Date: Sun, 3 Feb 2002 02:01:49 -0800 (PST)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/bin/test test.c
X-FreeBSD-CVS-Branch: HEAD
Message-Id: <200202031001.g13A1nr72223@freefall.freebsd.org>

knu         2002/02/03 02:01:49 PST

  Modified files:
    bin/test             test.c
  Log:
  Work around a buffer overflow problem on argv that has been exposed
  after making test(1) a sh(1) builtin; sh(1) coredumps when you run
  something like this:

      sh -c 'test ! `true 1`'

  The cause is that the test(1) code totally depends on the presence
  of two extra cells at the end of argv that are filled with NULL's.
  The reason why the bug hasn't been exposed would be because the C
  startup code kindly prepares argv with some extra zeroed cells for a
  program.

  I know this is not the best fix, but since there are argv++'s
  without boundary checks everywhere, I'd rather patch it up like this
  (preparing a copy of argv with extra NULL's) for the moment.

  MFC after: 3 days

  Revision  Changes    Path
  1.40      +16 -6     src/bin/test/test.c
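
The workaround the log describes (copying argv with extra NULL cells so unchecked look-ahead stays in bounds), as an added example; it is not the code from test.c or from this commit. The names `argv_copy_padded`, `looks_like_binary_expr`, `peek_past_end_is_safe`, `LOOKAHEAD` and the sample argv are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define LOOKAHEAD 2  /* extra NULL cells the log says test(1) depends on */

/* Hypothetical helper: copy argv[0..argc-1] into a new vector followed by the
 * usual NULL terminator plus `pad` more NULL cells. Returns NULL on failure. */
char **argv_copy_padded(int argc, char *const argv[], size_t pad)
{
    const size_t max = SIZE_MAX / sizeof(char *) - 1;
    if (argc < 0 || (size_t)argc > max || pad > max - (size_t)argc)
        return NULL;                 /* element count would overflow */
    size_t n = (size_t)argc, total = n + 1 + pad;
    char **copy = malloc(total * sizeof(*copy));
    if (copy == NULL)
        return NULL;
    if (n > 0)
        memcpy(copy, argv, n * sizeof(*copy));
    for (size_t i = n; i < total; i++)
        copy[i] = NULL;              /* terminator and look-ahead cells */
    return copy;
}

/* Constructed stand-in for a parser that peeks without bounds checks:
 * it reads p[0], p[1] and p[2] unconditionally. */
int looks_like_binary_expr(char **p)
{
    char *lhs = p[0], *op = p[1], *rhs = p[2];
    return lhs != NULL && op != NULL && rhs != NULL && strcmp(op, "=") == 0;
}

/* Constructed input: the vector a builtin would receive for `test !`. */
static char *sample_argv[] = { "test", "!", NULL };

/* Put the cursor on the terminator, as an unchecked argv++ could, and peek
 * from there. Returns 1 if all reads hit NULL cells of the copy, -1 on error. */
int peek_past_end_is_safe(void)
{
    int argc = 2;
    char **copy = argv_copy_padded(argc, sample_argv, LOOKAHEAD);
    if (copy == NULL)
        return -1;
    char **p = copy + argc;          /* p[1], p[2] are the padding cells */
    int ok = copy[0] == sample_argv[0] && copy[1] == sample_argv[1]
          && p[0] == NULL && p[1] == NULL && p[2] == NULL
          && looks_like_binary_expr(p) == 0;
    free(copy);
    return ok;
}
```

The same peek on `sample_argv` itself would read two cells past its three-element array, which is the out-of-bounds access the padded copy avoids.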