[Bug 1824732] Re: iocsh crashes when dealing with NULL iocshArgPersistentString

[Andrew Johnson via Core-talk <core-talk at aps.anl.gov>]

But not on the 3.15 branch, that could get the fix if anyone feels like
back-porting the code change from the 7.0 branch.

-- 
You received this bug notification because you are a member of EPICS
Core Developers, which is subscribed to EPICS Base.
Matching subscriptions: epics-core-list-subscription
https://bugs.launchpad.net/bugs/1824732

Title:
  iocsh crashes when dealing with NULL iocshArgPersistentString

Status in EPICS Base:
  Fix Released
Status in EPICS Base 3.15 series:
  Triaged
Status in EPICS Base 7.0 series:
  Fix Released

Bug description:
  I was looking at the iocsh.cpp (@R7.0.2.1) code and realized that
  there's a bug when parsing command arguments of type
  iocshArgPersistentString. The code in cvtArg does the following:

     case iocshArgPersistentString:
          argBuf->sval = (char *) malloc(strlen(arg) + 1);
          if (argBuf->sval == NULL) {
              showError(filename, lineno, "Out of memory");
              return 0;
          }
          strcpy(argBuf->sval, arg);
          break;

  However, here 'arg' can be NULL, so 'strlen' can (will?) SEGFAULT. I
  was able to successfully trigger the issue. I don't know where this is
  used or who uses this functionality exactly.

To manage notifications about this bug go to:
https://bugs.launchpad.net/epics-base/+bug/1824732/+subscriptions