EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: [Bug 1824732] Re: iocsh crashes when dealing with NULL iocshArgPersistentString
From: Andrew Johnson via Core-talk <[email protected]>
To: [email protected]
Date: Tue, 23 Apr 2019 19:58:14 -0000

iocshArgPersistentString was intended for use when the routine being
called stores the arg pointer instead of making its own copy and uses it
again later. This is somewhat uncommon and there are no commands in Base
that register such an argument (a 'git grep' comes up with only 2
instances of that word), but it is still used in some support modules.

** Tags added: codeathon

** Changed in: epics-base
       Status: New => Triaged

** Changed in: epics-base
   Importance: Undecided => Low

** Also affects: epics-base/3.15
   Importance: Undecided
       Status: New

** Also affects: epics-base/7.0
   Importance: Low
       Status: Triaged

** Changed in: epics-base/3.15
       Status: New => Triaged

** Changed in: epics-base/3.15
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of EPICS
Core Developers, which is subscribed to EPICS Base.
Matching subscriptions: epics-core-list-subscription
https://bugs.launchpad.net/bugs/1824732

Title:
  iocsh crashes when dealing with NULL iocshArgPersistentString

Status in EPICS Base:
  Triaged
Status in EPICS Base 3.15 series:
  Triaged
Status in EPICS Base 7.0 series:
  Triaged

Bug description:
  I was looking at the iocsh.cpp (@R7.0.2.1) code and realized that
  there's a bug when parsing command arguments of type
  iocshArgPersistentString. The code in cvtArg does the following:

     case iocshArgPersistentString:
          argBuf->sval = (char *) malloc(strlen(arg) + 1);
          if (argBuf->sval == NULL) {
              showError(filename, lineno, "Out of memory");
              return 0;
          }
          strcpy(argBuf->sval, arg);
          break;

  However, here 'arg' can be NULL, so 'strlen' can (will?) SEGFAULT. I
  was able to successfully trigger the issue. I don't know where this is
  used or who uses this functionality exactly.

To manage notifications about this bug go to:
https://bugs.launchpad.net/epics-base/+bug/1824732/+subscriptions
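
The NULL check the bug description calls for, as an added stand-alone C example; it is not code from EPICS Base or from this thread. The names `argbuf_t`, `cvt_persistent_string`, `set_name` and `run_set_name` are hypothetical, and passing a missing argument through to the command as NULL (rather than rejecting it) is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the iocsh argument buffer (assumption, not the EPICS type). */
typedef union { char *sval; } argbuf_t;

/* Hypothetical converter. 'arg' is NULL when the command line gave no value
 * for this position. Returns 1 on success, 0 on allocation failure. */
static int cvt_persistent_string(argbuf_t *argBuf, const char *arg) {
    if (arg == NULL) {            /* check before strlen() ever sees it */
        argBuf->sval = NULL;      /* assumption: hand "no value" to the command */
        return 1;
    }
    size_t len = strlen(arg) + 1;
    argBuf->sval = malloc(len);
    if (argBuf->sval == NULL) {
        fprintf(stderr, "Out of memory\n");
        return 0;
    }
    memcpy(argBuf->sval, arg, len);
    return 1;
}

/* Hypothetical command that stores the pointer for later; must accept NULL. */
static const char *saved_name = "(unset)";
static void set_name(const argbuf_t *args) {
    if (args[0].sval != NULL)
        saved_name = args[0].sval;    /* the command now owns this copy */
}

/* Convert one argument from a reusable line buffer, run the command, then
 * overwrite the buffer as a shell would when it reads the next line. */
static const char *run_set_name(const char *arg) {
    char line[64];
    argbuf_t args[1];
    if (arg != NULL)
        snprintf(line, sizeof line, "%s", arg);
    if (!cvt_persistent_string(&args[0], arg ? line : NULL))
        return NULL;
    set_name(args);
    memset(line, 'X', sizeof line);
    return saved_name;
}

int main(void) {
    printf("%s\n", run_set_name(NULL));     /* no crash, name unchanged */
    printf("%s\n", run_set_name("ioc1"));   /* heap copy outlives the buffer */
    return 0;
}
```

Any command registered with a persistent-string argument then has to treat a NULL `sval` as "argument not given", as `set_name` does here.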

ANJ, 25 Apr 2019