From 3963d943f8a9b4ef89f000b5e1424e63dba920f5 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 26 Apr 2010 14:21:27 +0200 Subject: [PATCH] ash: refresh stack pointers after makestrspace in rmescapes Without this, rmescapes sometimes returns random garbage while performing parameter expansions such as ${foo#bar}, in the event that the allocation of r happens to need to reallocate the stack and hence invalidate str and p. I'd love to provide a test case but unfortunately it's dependent on exact stack layout, so I don't have anything simpler than the situation described in https://bugs.launchpad.net/ubuntu/+source/partman-base/+bug/527401/comments/23 which involved a sequence of foo="${foo#*, }" expansions on a long string inside our RAID configuration tool. The same fix has been in dash since 2007-09-26, contributed by Roy Marples . I actually came up with it independently almost to the character, but then synced it up with the variable naming used in dash when I noticed that change afterwards. Signed-off-by: Colin Watson Signed-off-by: Denys Vlasenko --- shell/ash.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/shell/ash.c b/shell/ash.c index 9d55f892e..ec5e0b8c7 100644 --- a/shell/ash.c +++ b/shell/ash.c @@ -5425,7 +5425,11 @@ rmescapes(char *str, int flag) size_t fulllen = len + strlen(p) + 1; if (flag & RMESCAPE_GROW) { + int strloc = str - (char *)stackblock(); r = makestrspace(fulllen, expdest); + /* p and str may be invalidated by makestrspace */ + str = (char *)stackblock() + strloc; + p = str + len; } else if (flag & RMESCAPE_HEAP) { r = ckmalloc(fulllen); } else {