Bug 10761

Summary: busybox shell gets SEGV more easily when processing backtick '`' command.
Product: Busybox
Reporter: frank chen <frank.chen2>
Component: Other
Assignee: unassigned
Status: NEW
Severity: critical
CC: busybox-cvs, martin.lewis.x84
Priority: P5
Version: 1.28.x
Target Milestone: ---
Hardware: All
OS: Linux
Attachments: ash: fix SEGV in parsebackq on big buffers caused by alloca

Description frank chen 2018-02-14 22:42:43 UTC
The new shell (ash.c) uses alloca() to allocate memory for parsebackq (backtick '`' command), but for some scripts which use a lot of this kind of command, the result is terrible (I thought the default stack size is 16000).

I got this when I tried to configure the libtool package on my new system with the new busybox, and I got a SEGV.

I used ckmalloc() and free() to resolve this problem.

Comment 1 Martin Lewis 2018-11-14 13:23:55 UTC
Created attachment 7886
ash: fix SEGV in parsebackq on big buffers caused by alloca

Hi, I wrote a little patch that should fix this bug

Before fix:
# python -c "print 'echo \"' + ' ' * 3000000 + ' \`true\`' * 1000 + '\"'" > test.sh
# bash test.sh | wc
      1       0 3001001
# ./busybox ash test.sh
Segmentation fault (core dumped)

After fix:
# python -c "print 'echo \"' + ' ' * 3000000 + ' \`true\`' * 1000 + '\"'" > test.sh
# ./busybox ash test.sh | wc
      1       0 3001001
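
An added example, not part of the bug report or the attached busybox patch: a simplified C model of an allocation sized by script input, taken once with alloca() and once from the heap. The struct, the function names, the save-and-restore shape of the copy and the workload are assumptions made for illustration, and malloc() stands in for ash's ckmalloc().

```c
#include <alloca.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the parser's pending output; not busybox code. */
struct pending { char *buf; size_t len; };

/* Stand-in for parsing one nested `...` command: it overwrites the buffer. */
static void parse_nested(struct pending *p) { memset(p->buf, '#', p->len); }

/* alloca(): the copy lives on the call stack. A length near the stack limit
 * ends in SIGSEGV, and there is no return value to check. */
static int backq_alloca(struct pending *p) {
    char *saved = alloca(p->len);
    memcpy(saved, p->buf, p->len);
    parse_nested(p);
    memcpy(p->buf, saved, p->len);
    return 0;
}

/* Heap: failure is reported to the caller and the copy is always freed.
 * malloc() stands in for ash's ckmalloc(). */
static int backq_heap(struct pending *p) {
    char *saved = malloc(p->len ? p->len : 1);
    if (!saved) return -1;
    memcpy(saved, p->buf, p->len);
    parse_nested(p);
    memcpy(p->buf, saved, p->len);
    free(saved);
    return 0;
}

/* Constructed workload shaped like test.sh: one large pending buffer and
 * many backquote expansions. Returns 0 if the buffer is restored intact. */
static int run_many(size_t len, int rounds, int (*fn)(struct pending *)) {
    struct pending p = { malloc(len ? len : 1), len };
    int rc = p.buf ? 0 : -1;
    if (rc == 0) memset(p.buf, ' ', len);
    for (int i = 0; i < rounds && rc == 0; i++) rc = fn(&p);
    for (size_t i = 0; rc == 0 && i < len; i++)
        if (p.buf[i] != ' ') rc = -2;
    free(p.buf);
    return rc;
}

int main(void) {
    if (run_many(256, 1000, backq_alloca) != 0) return 1; /* small only */
    return run_many(3000000, 1000, backq_heap) != 0;      /* report scale */
}
```

The alloca() variant is only exercised with a 256-byte buffer; passing it a buffer sized like the one in test.sh depends entirely on the process stack limit.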