From 65bb493f2475368161431ed72816fd0c61e479b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6ren=20Tempel?= Date: Tue, 8 Feb 2022 09:29:21 +0100 Subject: [PATCH] ed: don't use memcpy with overlapping memory regions The memcpy invocations in the subCommand function, modified by this commit, previously used memcpy with overlapping memory regions. This is undefined behavior. On Alpine Linux, it causes BusyBox ed to crash since we compile BusyBox with -D_FORTIFY_SOURCE=2 and our fortify-headers implementation catches this source of undefined behavior [0]. The issue can only be triggered if the replacement string is the same size or shorter than the old string. Looking at the code, it seems to me that a memmove(3) is what was actually intended here, this commit modifies the code accordingly. [0]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13504 --- editors/ed.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/editors/ed.c b/editors/ed.c index 209ce9942..4a84f7433 100644 --- a/editors/ed.c +++ b/editors/ed.c @@ -720,7 +720,7 @@ static void subCommand(const char *cmd, int num1, int num2) if (deltaLen <= 0) { memcpy(&lp->data[offset], newStr, newLen); if (deltaLen) { - memcpy(&lp->data[offset + newLen], + memmove(&lp->data[offset + newLen], &lp->data[offset + oldLen], lp->len - offset - oldLen);
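Review bot: The new memmove call in subCommand should carry a one-line comment stating that source and destination overlap, so that it is not converted back to memcpy in a later cleanup. Inside the `if (deltaLen)` branch deltaLen is negative, so the destination `&lp->data[offset + newLen]` lies below the source `&lp->data[offset + oldLen]` in the same buffer, and the two ranges overlap whenever the tail length `lp->len - offset - oldLen` is larger than `oldLen - newLen`. The commit message says the issue triggers when the replacement is the same size or shorter, but the `if (deltaLen)` guard skips this copy for equal sizes, so only a strictly shorter replacement reaches it; the wording could be tightened. The unchanged `memcpy(&lp->data[offset], newStr, newLen);` just above is only safe if newStr never points into lp->data, which these lines do not show, so that is worth confirming in the same pass.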