[Toybox] [PATCH] Fix find segfault.
Daniel K. Levy
alliedenvy at gmail.com
Sat Sep 12 07:21:58 PDT 2015
Okay, I found and fixed two different bugs in find.
One, the -user, -group, -newer code branch during the action phase
didn't pop off argdata when the check variable was false, causing the
argdata list to get skewed vs. the filter. This led to -exec getting
garbage off argdata and acting up. An example:
$ ./toybox find -type f -user nobody -exec : \;
find: bad arg ';'
and bafflingly:
$ ./toybox find -type f -user nobody -exec : -exec : \;
Segmentation fault
Two, the {} branch under -exec was running strcmp(ss[len+1], "+")
without checking to make sure ss[len+1] wasn't null. So if you used {}
and put nothing after, it would segfault.
The -exec ls {} + still doesn't work, though. Is it broken, or just
unimplemented?
Patch follows.
diff --git a/toys/posix/find.c b/toys/posix/find.c
index 53aa2d9..f937942 100644
--- a/toys/posix/find.c
+++ b/toys/posix/find.c
@@ -357,7 +357,7 @@ static int do_find(struct dirtree *new)
if (new->st.st_mtim.tv_sec == udl->u.tm.tv_sec)
test = new->st.st_mtim.tv_nsec > udl->u.tm.tv_nsec;
}
- }
+ } else if (new) llist_pop(&argdata);
} else if (!strcmp(s, "exec") || !strcmp("ok", s)
|| !strcmp(s, "execdir") || !strcmp(s, "okdir"))
{
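Review bot: the new "else if (new) llist_pop(&argdata);" on the closing brace of the -user/-group/-newer block has no comment saying why a pop is needed on the path where the check is skipped. A one-line comment that each of these arguments must consume its argdata entry whether or not it is evaluated, so that later consumers such as -exec stay aligned with the filter, would make the invariant visible to the next person touching this branch. It is also worth confirming that the pop here removes exactly the same entry the evaluated path reads through udl, and adding the two commands from the message ("-type f -user nobody -exec : \;" and the double -exec variant) as regression tests.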
@@ -381,7 +381,7 @@ static int do_find(struct dirtree *new)
if (!strcmp(ss[len], ";")) break;
else if (!strcmp(ss[len], "{}")) {
aa->curly = len;
- if (!strcmp(ss[len+1], "+")) {
+ if (ss[len+1] && !strcmp(ss[len+1], "+")) {
// Measure environment space
if (!TT.envsize) {
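Review bot: the added "ss[len+1] &&" guard in the "{}" branch protects only the look-ahead, while the "strcmp(ss[len], ";")" at the top of the loop body dereferences ss[len] in the same unguarded way. Please confirm that the loop condition (not visible in this hunk) stops on a NULL ss[len] once "{}" is the last argument, and that a missing terminator is then reported as an error rather than falling through. A test for -exec with "{}" and nothing after it would pin the behaviour down.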