diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2023-01-03 17:51:18 +0800 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2023-01-08 20:03:08 +0800 |
commit | b4ecd84eb4048522648bc16920d3615cb243a6bf (patch) | |
tree | 43708b2832cf97e6526d15496ca9206d37a29895 | |
parent | 44ae22beedf8a3d68bbfa1d065ad677182372de2 (diff) | |
download | dash-b4ecd84eb4048522648bc16920d3615cb243a6bf.tar.gz |
var: Do not add 1 to return value of strchrnul
When a variable like OPTIND is unset dash may call the action
function with a bogus pointer because it tries to add one to
the return value of strchrnul unconditionally.
Use strchr and nullstr instead.
Link: https://bugs.debian.org/985478
Reported-by: наб <nabijaczleweli@nabijaczleweli.xyz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r-- | src/var.c | 8 |
1 files changed, 6 insertions, 2 deletions
@@ -154,6 +154,10 @@ RESET { } #endif +static char *varnull(const char *s) +{ + return (strchr(s, '=') ?: nullstr - 1) + 1; +} /* * This routine initializes the builtin variables. It is called when the @@ -266,7 +270,7 @@ struct var *setvareq(char *s, int flags) goto out; if (vp->func && (flags & VNOFUNC) == 0) - (*vp->func)(strchrnul(s, '=') + 1); + (*vp->func)(varnull(s)); if ((vp->flags & (VTEXTFIXED|VSTACK)) == 0) ckfree(vp->text); @@ -531,7 +535,7 @@ poplocalvars(void) unsetvar(vp->text); } else { if (vp->func) - (*vp->func)(strchrnul(lvp->text, '=') + 1); + (*vp->func)(varnull(lvp->text)); if ((vp->flags & (VTEXTFIXED|VSTACK)) == 0) ckfree(vp->text); vp->flags = lvp->flags; |