[Toybox] Fixing find segfault: questions

Tom Marshall tom at cyngn.com
Mon Apr 11 14:02:55 PDT 2016


Currently toybox find (toys/posix/find.c) will segfault when the -iname 
predicate is used on both sides of an -o predicate, the LHS evaluates to 
true, and the expression followed with the -exec action.  This is 
because the initial parsing pass saves both the iname patterns in 
lowercase form and the exec arguments on TT.arglist, but subsequent 
passes do not pop the iname pattern for the RHS.  The exec then attempts 
to use the RHS pattern as the exec arguments.

Example, run on Debian 8.x amd64:


$ ./toybox find d \( -iname Exists.txt -o -iname foo \) -exec echo {} \;
Segmentation fault


There are several possible strategies to fix this issue.  The simplest 
fix in terms of code change may be simply to always pop the iname 
pattern regardless of whether it will be checked.  However, it would be 
more efficient to avoid putting the iname pattern in arglist 
altogether.  If we are to avoid putting the iname pattern in arglist, I 
see the two options below.  Any preferences which to go with?

1. We could directly convert the argument to lowercase in the initial 
parsing pass instead of storing it in arglist.  This would require 
underlying support for modifying argv strings.  This works on Debian 8.x 
amd64 and on Android 6.x, and I don't see any documentation in POSIX 
that indicates it is disallowed.  Are there any known supported platform 
for which this would not work?

2. We could leverage the FNM_CASEFOLD flag to fnmatch(3).  This is a GNU 
extension but it is supported on both mainline Linux (glibc) and Android 
(bionic).  It also seems supported on FreeBSD, and probably other 
*BSDs.  Are there any known supported platforms that do not support this 
flag?

Thanks!



More information about the Toybox mailing list