Subject: [Bug 1824732] Re: iocsh crashes when dealing with NULL iocshArgPersistentString
From: Andrew Johnson via Core-talk <[email protected]>
To: [email protected]
Date: Tue, 23 Apr 2019 19:58:14 -0000

iocshArgPersistentString was intended for use when the routine being
called stores the arg pointer instead of making its own copy and uses it
again later. This is somewhat uncommon and there are no commands in Base
that register such an argument (a 'git grep' comes up with only 2
instances of that word), but it is still used in some support modules.

** Tags added: codeathon

** Changed in: epics-base
   Status: New => Triaged

** Changed in: epics-base
   Importance: Undecided => Low

** Also affects: epics-base/3.15
   Importance: Undecided
   Status: New

** Also affects: epics-base/7.0
   Importance: Low
   Status: Triaged

** Changed in: epics-base/3.15
   Status: New => Triaged

** Changed in: epics-base/3.15
   Importance: Undecided => Low

--
You received this bug notification because you are a member of EPICS
Core Developers, which is subscribed to EPICS Base.
Matching subscriptions: epics-core-list-subscription
https://bugs.launchpad.net/bugs/1824732

Title:
  iocsh crashes when dealing with NULL iocshArgPersistentString

Status in EPICS Base:
  Triaged
Status in EPICS Base 3.15 series:
  Triaged
Status in EPICS Base 7.0 series:
  Triaged

Bug description:
  I was looking at the iocsh.cpp (@R7.0.2.1) code and realized that
  there's a bug when parsing command arguments of type
  iocshArgPersistentString. The code in cvtArg does the following:

      case iocshArgPersistentString:
          argBuf->sval = (char *) malloc(strlen(arg) + 1);
          if (argBuf->sval == NULL) {
              showError(filename, lineno, "Out of memory");
              return 0;
          }
          strcpy(argBuf->sval, arg);
          break;

  However, here 'arg' can be NULL, so 'strlen' can (will?) SEGFAULT. I
  was able to successfully trigger the issue. I don't know where this is
  used or who uses this functionality exactly.

To manage notifications about this bug go to:
https://bugs.launchpad.net/epics-base/+bug/1824732/+subscriptions
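
Added example, not part of the original message or of the EPICS Base source: one way to guard the conversion quoted in the bug description so that a NULL 'arg' never reaches strlen(). The names arg_buf, cvt_persistent_string and cvt_all are hypothetical, and the example assumes an omitted trailing argument is presented to the converter as NULL.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the iocsh argument buffer; only sval is modelled. */
typedef struct { char *sval; } arg_buf;

/* Convert one persistent-string argument: returns 1 on success, 0 on failure.
 * arg == NULL (argument omitted) is stored as NULL and never reaches strlen(). */
static int cvt_persistent_string(arg_buf *buf, const char *arg)
{
    if (arg == NULL) {
        buf->sval = NULL;
        return 1;
    }
    size_t len = strlen(arg);
    char *copy = malloc(len + 1);
    if (copy == NULL) {
        fprintf(stderr, "Out of memory\n");
        return 0;
    }
    memcpy(copy, arg, len + 1);   /* length includes the terminating NUL */
    buf->sval = copy;             /* not freed here: the called routine keeps it */
    return 1;
}

/* Assumption: a command declared with `declared` arguments may be invoked with
 * fewer tokens, and each missing trailing argument is presented as NULL. */
static int cvt_all(arg_buf *out, int declared, int argc, char *const argv[])
{
    for (int i = 0; i < declared; i++) {
        const char *arg = (i < argc) ? argv[i] : NULL;
        if (!cvt_persistent_string(&out[i], arg))
            return 0;
    }
    return 1;
}

int main(void)
{
    char a0[] = "motor1";                 /* constructed input: 1 of 2 arguments */
    char *argv[] = { a0 };
    arg_buf out[2] = { { NULL }, { NULL } };
    int ok = cvt_all(out, 2, 1, argv);
    printf("ok=%d first=%s second=%s\n", ok, out[0].sval ? out[0].sval : "(null)",
           out[1].sval ? out[1].sval : "(null)");
    return ok ? 0 : 1;
}
```

A routine registered with such an argument then has to treat a NULL sval as "argument not given" before storing or dereferencing it.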