From 89279d87c5d3e0ea330be1f927e3f3bc59dbc2a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=81LI=20G=C3=A1bor=20J=C3=A1nos?= Date: Thu, 3 Aug 2023 10:10:44 +0200 Subject: Update to Linux 6.1 and Alpine 3.18 - Update base-layout to 3.4.3 - Update busybox to 1.36.1 - Update iptables to 1.8.9 - Update linux-lts to 6.1.53 - Update to openrc to 0.48 - Update rtl8821ce to snapshot of 20230915 - Replace rtwB88 with a third-party driver - Update rtw89 to snapshot of 20230913 - Import wpa_supplicant fixes from Arch Linux --- ...void-segfault-on-0-0-0-09J-.-Closes-15216.patch | 80 ++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 aports/busybox/0030-shell-avoid-segfault-on-0-0-0-09J-.-Closes-15216.patch (limited to 'aports/busybox/0030-shell-avoid-segfault-on-0-0-0-09J-.-Closes-15216.patch') diff --git a/aports/busybox/0030-shell-avoid-segfault-on-0-0-0-09J-.-Closes-15216.patch b/aports/busybox/0030-shell-avoid-segfault-on-0-0-0-09J-.-Closes-15216.patch new file mode 100644 index 0000000..4017548 --- /dev/null +++ b/aports/busybox/0030-shell-avoid-segfault-on-0-0-0-09J-.-Closes-15216.patch @@ -0,0 +1,80 @@ +From f69ade3845f9c1cc8cf47251d5f3ba41aab2ce21 Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko +Date: Mon, 12 Jun 2023 16:51:43 +0200 +Subject: [PATCH] shell: avoid segfault on ${0::0/0~09J}. Closes 15216 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +function old new delta +evaluate_string 1011 1053 +42 + +Signed-off-by: Denys Vlasenko +--- + shell/math.c | 39 +++++++++++++++++++++++++++++++++++---- + 1 file changed, 35 insertions(+), 4 deletions(-) + +diff --git a/shell/math.c b/shell/math.c +index 76d22c9bd..727c29467 100644 +--- a/shell/math.c ++++ b/shell/math.c +@@ -577,6 +577,28 @@ static arith_t strto_arith_t(const char *nptr, char **endptr) + # endif + #endif + ++//TODO: much better estimation than expr_len/2? Such as: ++//static unsigned estimate_nums_and_names(const char *expr) ++//{ ++// unsigned count = 0; ++// while (*(expr = skip_whitespace(expr)) != '\0') { ++// const char *p; ++// if (isdigit(*expr)) { ++// while (isdigit(*++expr)) ++// continue; ++// count++; ++// continue; ++// } ++// p = endofname(expr); ++// if (p != expr) { ++// expr = p; ++// count++; ++// continue; ++// } ++// } ++// return count; ++//} ++ + static arith_t + evaluate_string(arith_state_t *math_state, const char *expr) + { +@@ -584,10 +606,12 @@ evaluate_string(arith_state_t *math_state, const char *expr) + const char *errmsg; + const char *start_expr = expr = skip_whitespace(expr); + unsigned expr_len = strlen(expr) + 2; +- /* Stack of integers */ +- /* The proof that there can be no more than strlen(startbuf)/2+1 +- * integers in any given correct or incorrect expression +- * is left as an exercise to the reader. */ ++ /* Stack of integers/names */ ++ /* There can be no more than strlen(startbuf)/2+1 ++ * integers/names in any given correct or incorrect expression. ++ * (modulo "09v09v09v09v09v" case, ++ * but we have code to detect that early) ++ */ + var_or_num_t *const numstack = alloca((expr_len / 2) * sizeof(numstack[0])); + var_or_num_t *numstackptr = numstack; + /* Stack of operator tokens */ +@@ -652,6 +676,13 @@ evaluate_string(arith_state_t *math_state, const char *expr) + numstackptr->var = NULL; + errno = 0; + numstackptr->val = strto_arith_t(expr, (char**) &expr); ++ /* A number can't be followed by another number, or a variable name. ++ * We'd catch this later anyway, but this would require numstack[] ++ * to be twice as deep to handle strings where _every_ char is ++ * a new number or name. Example: 09v09v09v09v09v09v09v09v09v ++ */ ++ if (isalnum(*expr) || *expr == '_') ++ goto err; + //bb_error_msg("val:%lld", numstackptr->val); + if (errno) + numstackptr->val = 0; /* bash compat */ -- cgit v1.2.3