Bug 9556

Summary: glob() in ash is overused
Product: Busybox
Reporter: Przemysław Pawełczyk <przemoc>
Component: Other
Assignee: unassigned
Status: RESOLVED WONTFIX
Severity: normal
CC: busybox-cvs
Priority: P5
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Host:
Target:
Build:

Description Przemysław Pawełczyk 2017-01-05 00:57:09 UTC
In http://lists.busybox.net/pipermail/busybox/2017-January/085055.html Denys wrote: "Okay, so by now that usage of glob() in ash uncovered glob() bugs in both uclibc and musl.", but due to musl's inability to handle patterns longer than PATH_MAX (which is 4096 in musl), another kind of bug has been uncovered in busybox's ash itself.

glob() in ash is overused.  Example:

   $ busybox ash -c 'X=$(printf "%*s" 4096 "*"); echo "$X"'

I don't think there is any legitimate reason to call glob() here during echo, yet it is called (and fails in current musl version, leading to GLOB_NOSPACE and ash's "out of memory" error).

(Initially reported on #busybox freenode IRC channel two days ago.)
Comment 1 Denys Vlasenko 2017-01-05 13:19:27 UTC
echo "$X" does not need to glob(), true.

But think about this: echo "$X"*.txt
This _does_ need to be globbed. ash code does not have any special smart code to detect when the entire word is quoted. It will attempt globbing even for "$X" (it escapes any ? or * in $X, so that they won't be used as wildcards).
Comment 2 Denys Vlasenko 2017-01-05 13:24:00 UTC
BTW, hush works similarly. There is no escaping the fact that glob() in libc is required to work properly.
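
The check discussed in this thread, as an added example that is not BusyBox code: a word is handed to glob() only when it still contains an unescaped wildcard, so a fully quoted expansion such as the reporter's "$X" never reaches libc's pattern-length limit. All function names are hypothetical, and backslash escaping is assumed as the form in which the quoted characters reach glob().

```c
#include <glob.h>
#include <stdlib.h>
#include <string.h>

/* 1 if w holds a wildcard (*, ?, [) that is not backslash-escaped. */
static int has_live_meta(const char *w)
{
    for (; *w; w++) {
        if (*w == '\\' && w[1] != '\0')
            w++;                        /* skip the escaped character */
        else if (*w == '*' || *w == '?' || *w == '[')
            return 1;                   /* conservative: any bare '[' counts */
    }
    return 0;
}

/* Remove backslash escapes in place; returns the literal length. */
static size_t unescape(char *w)
{
    char *dst = w;
    for (const char *src = w; *src; src++) {
        if (*src == '\\' && src[1] != '\0')
            src++;
        *dst++ = *src;
    }
    *dst = '\0';
    return (size_t)(dst - w);
}

/* Constructed input: the reproducer's "$X" (4095 spaces, one '*'), escaped. */
static char *quoted_x_word(void)
{
    char *w = malloc(4095 + 3);
    if (w) {
        memset(w, ' ', 4095);
        memcpy(w + 4095, "\\*", 3);     /* backslash, '*', NUL */
    }
    return w;
}

/* Returns -1 if the word was taken literally, else glob()'s return code. */
static int expand_word(char *word, glob_t *out)
{
    if (!has_live_meta(word)) {
        unescape(word);
        return -1;                      /* glob() never sees the long word */
    }
    return glob(word, GLOB_NOCHECK, NULL, out);
}
```

A word such as `"$X"*.txt` still has a live `*` and goes through glob(), so this pre-check does not remove the dependency on a working libc glob() that Comment 2 points out.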