Google Git
Sign in
fuchsia / third_party / sbase / 38aeada42e8f6abae2da84f87b90dab3710d8466
commit38aeada42e8f6abae2da84f87b90dab3710d8466[log] [tgz]
authorYifei Teng <[email protected]>Wed Jan 15 14:10:26 2020 -0800
committerYifei Teng <[email protected]>Sun Jan 26 23:19:10 2020 -0800
tree8c5d19221d57795ed6bc013e0afd83cd9ea2c35e
parentd503e6b46269b1bd8c1d897e4254021220c3104f [diff]
[sbase] Fix buffer overflow in find.

It looks like the parse() function injects "-print"/"-a" arguments after
tokenizing, without resizing the "stack" variable.

TEST: running `find /bin` under asan does not crash.
Change-Id: I9533d787a22dce20216c57ce946b2faf89889fd8
1 file changed
tree: 8c5d19221d57795ed6bc013e0afd83cd9ea2c35e
  1. libutf/
  2. libutil/
  3. arg.h
  4. basename.1
  5. basename.c
  6. BUILD.gn
  7. cal.1
  8. cal.c
  9. cat.1
  10. cat.c
  11. chgrp.1
  12. chgrp.c
  13. chmod.1
  14. chmod.c
  15. chown.1
  16. chown.c
  17. chroot.1
  18. chroot.c
  19. cksum.1
  20. cksum.c
  21. cmp.1
  22. cmp.c
  23. cols.1
  24. cols.c
  25. comm.1
  26. comm.c
  27. compat.h
  28. config.mk
  29. cp.1
  30. cp.c
  31. cron.1
  32. cron.c
  33. crypt.h
  34. cut.1
  35. cut.c
  36. date.1
  37. date.c
  38. dirname.1
  39. dirname.c
  40. du.1
  41. du.c
  42. echo.1
  43. echo.c
  44. ed.1
  45. ed.c
  46. env.1
  47. env.c
  48. expand.1
  49. expand.c
  50. expr.1
  51. expr.c
  52. false.1
  53. false.c
  54. find.1
  55. find.c
  56. flock.1
  57. flock.c
  58. fold.1
  59. fold.c
  60. fs.h
  61. getconf.1
  62. getconf.c
  63. getconf.sh
  64. grep.1
  65. grep.c
  66. head.1
  67. head.c
  68. hostname.1
  69. hostname.c
  70. join.1
  71. join.c
  72. kill.1
  73. kill.c
  74. LICENSE
  75. link.1
  76. link.c
  77. ln.1
  78. ln.c
  79. logger.1
  80. logger.c
  81. logname.1
  82. logname.c
  83. ls.1
  84. ls.c
  85. Makefile
  86. md5.h
  87. md5sum.1
  88. md5sum.c
  89. mkdir.1
  90. mkdir.c
  91. mkfifo.1
  92. mkfifo.c
  93. mktemp.1
  94. mktemp.c
  95. mv.1
  96. mv.c
  97. nice.1
  98. nice.c
  99. nl.1
  100. nl.c
  101. nohup.1
  102. nohup.c
  103. od.1
  104. od.c
  105. paste.1
  106. paste.c
  107. pathchk.1
  108. pathchk.c
  109. printenv.1
  110. printenv.c
  111. printf.1
  112. printf.c
  113. pwd.1
  114. pwd.c
  115. queue.h
  116. readlink.1
  117. readlink.c
  118. README
  119. README.fuchsia
  120. renice.1
  121. renice.c
  122. rev.1
  123. rev.c
  124. rm.1
  125. rm.c
  126. rmdir.1
  127. rmdir.c
  128. rules.mk
  129. sed.1
  130. sed.c
  131. seq.1
  132. seq.c
  133. setsid.1
  134. setsid.c
  135. sha1.h
  136. sha1sum.1
  137. sha1sum.c
  138. sha224.h
  139. sha224sum.1
  140. sha224sum.c
  141. sha256.h
  142. sha256sum.1
  143. sha256sum.c
  144. sha384.h
  145. sha384sum.1
  146. sha384sum.c
  147. sha512-224.h
  148. sha512-224sum.1
  149. sha512-224sum.c
  150. sha512-256.h
  151. sha512-256sum.1
  152. sha512-256sum.c
  153. sha512.h
  154. sha512sum.1
  155. sha512sum.c
  156. sleep.1
  157. sleep.c
  158. sort.1
  159. sort.c
  160. split.1
  161. split.c
  162. sponge.1
  163. sponge.c
  164. strings.1
  165. strings.c
  166. sync.1
  167. sync.c
  168. tail.1
  169. tail.c
  170. tar.1
  171. tar.c
  172. tee.1
  173. tee.c
  174. test.1
  175. test.c
  176. text.h
  177. tftp.1
  178. tftp.c
  179. time.1
  180. time.c
  181. TODO
  182. touch.1
  183. touch.c
  184. tr.1
  185. tr.c
  186. true.1
  187. true.c
  188. tsort.1
  189. tsort.c
  190. tty.1
  191. tty.c
  192. uname.1
  193. uname.c
  194. unexpand.1
  195. unexpand.c
  196. uniq.1
  197. uniq.c
  198. unlink.1
  199. unlink.c
  200. utf.h
  201. util.h
  202. uudecode.1
  203. uudecode.c
  204. uuencode.1
  205. uuencode.c
  206. wc.1
  207. wc.c
  208. which.1
  209. which.c
  210. whoami.1
  211. whoami.c
  212. xargs.1
  213. xargs.c
  214. xinstall.1
  215. xinstall.c
  216. yes.1
  217. yes.c
OSZAR »