[U-Boot-Users] Hush and Autoscript Bug

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

From: Daniel Hobi <dhobi@gmx.net>
To: u-boot@lists.denx.de
Subject: [U-Boot-Users] Hush and Autoscript Bug
Date: Wed, 15 Nov 2006 12:33:37 +0100	[thread overview]
Message-ID: <455AFB11.2020404@gmx.net> (raw)

Hello,

The following code snippet which was added by the U-Boot team to 
busybox' hush shell seems a bit strange. From u-boot-1.1.5/common/hush.c:

int parse_string_outer(char *s, int flag)
{
        struct in_str input;
#ifdef __U_BOOT__
        char *p = NULL;
        int rcode;
        if ( !s || !*s)
                return 1;
        if (!(p = strchr(s, '\n')) || *++p) {
                p = xmalloc(strlen(s) + 2);
                strcpy(p, s);
                strcat(p, "\n");
                setup_string_in_str(&input, p);
                rcode = parse_stream_outer(&input, flag);
                free(p);
                return rcode;
        } else {
#endif
        setup_string_in_str(&input, s);
        return parse_stream_outer(&input, flag);
#ifdef __U_BOOT__
        }
#endif
}

It looks like the second if() clause was added to make sure that the 
passed string s is terminated by \n\0. However, this has some flaws:

 1) If the string contains a \n which is not followed by a \0, the code 
tries to fix it by adding a \0. But strlen, strcpy and strcat work on 
zero-terminated strings. As it is, the code replaces the first \0 in (or 
beyond) the string with \n\0.

 2) If 1) would be fixed, the function could not process strings 
containing more than one \n anymore (because a \0 would be added after 
the first \n).

 3) If the string contains no \n (but is zero-terminated), the code 
inserts a \n before the \0. This messes up the return value of 
parse_stream_outer which scans for commands (everything which is 
terminated by either \n or \0), but returns the exit status of the last 
command only. If string s is terminated by \n\0, the last command is 
empty and parse_stream_outer always returns 0.

Problem 3) is the cause why autoscripts (both the function and the 
command) always return an exit value of 0.

In my opinion, the above check should be removed completely because the 
parameter string s should always be zero-terminated (all functions 
calling parse_string_outer already seem to ensure this). And, if you 
want the function to process the first command (terminated by \n or \0) 
only, the parameter flag should have bit FLAG_EXIT_FROM_LOOP set (like 
the commands 'boot' and 'run' do, which may be considered another bug..).

What do you think? Does anyone know the author of the above code snippet?

Best Regards,
Daniel

                 reply	other threads:[~2006-11-15 11:33 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=455AFB11.2020404@gmx.net \
    --to=dhobi@gmx.net \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox