From: oe6...@gmx.at
To: bug-bash@gnu.org
Subject: Corrupt prompt string using '\W' within PS1
Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64'
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-unknown-linux-gnu'
-DCONF_VENDOR='unknown' -DLOCALEDIR='/usr/local/share/locale'
-DPACKAGE='bash' -DSHELL -DHAVE_CONFIG_H -I. -I. -I./include
-I./lib -g -O2
uname output: Linux gold 2.6.32-5-amd64 #1 SMP Fri Dec 10 15:35:08 UTC
2010 x86_64 GNU/Linux
Machine Type: x86_64-unknown-linux-gnu
Bash Version: 4.1
Patch Level: 9
Release Status: release
Description:
Corrupt prompt string using the backslash-escaped special character
'\W'
Repeat-By:
When executing interactively bash displays the following sequence:
bash-4.1$ cd /
bash-4.1$ PS1="\W \$ "
/ $ cd home
hmee $ cd /media
meiia $
Fix:
Inside 'y.tab.c' the use of strcpy is in undefined behavior.
The 't_string' and 't' objects overlaps. Using the memmove,
copying takes place as if an intermediate buffer was used,
allowing the destination and source to overlap.
Regards,
Thomas Kuschel, oe6tkt
--- old/y.tab.c 2009-12-30 18:52:02.000000000 +0100
+++ y.tab.c 2011-02-11 12:36:45.682266575 +0100
@@ -7481,7 +7481,10 @@ decode_prompt_string (string)
{
t = strrchr (t_string, '/');
if (t)
- strcpy (t_string, t + 1);
+ /* strcpy: If copying takes place between objects that
overlap,
+ the behavior is undefined.
+ strcpy (t_string, t + 1); so changed to: */
+ memmove (t_string; t + 1, strlen (t));
}
}
#undef ROOT_PATH
--- old/y.tab.c 2009-12-30 18:52:02.000000000 +0100
+++ y.tab.c 2011-02-11 12:36:45.682266575 +0100
@@ -7481,7 +7481,10 @@ decode_prompt_string (string)
{
t = strrchr (t_string, '/');
if (t)
- strcpy (t_string, t + 1);
+ /* strcpy: If copying takes place between objects that overlap,
+ the behavior is undefined.
+ strcpy (t_string, t + 1); so changed to: */
+ memmove (t_string; t + 1, strlen (t));
}
}
#undef ROOT_PATH
