[PATCH 1/2] hush: do not do anything if string is zero length

Aleksey Kuleshov rndfax at yandex.ru
Thu Aug 18 01:52:00 PDT 2016

>>  diff --git a/common/hush.c b/common/hush.c
>>  index d3f7bf3..d8fd64b 100644
>>  --- a/common/hush.c
>>  +++ b/common/hush.c
>>  @@ -1655,6 +1655,9 @@ char *shell_expand(char *str)
>>           o_string o = {};
>>           char *res, *parsed;
>>  + if (strlen(str) == 0)
>>  + return xstrdup("");
>>  +
> Can you explain why this is necessary? What happens with an empty string
> without this patch?

 * shell_expand - Expand shell variables in a string.
 * @str:        The input string containing shell variables like
 *              $var or ${var}
 * Return:      The expanded string. Must be freed with free().

If shell_expand should be called _only_ with string containing _at least one_ $var or ${var} then this patch is wrong.
And since shell_expand is called only from menutree.c then it's menutree.c's responsibility to verify the string.

If you pass zero length string (i.e. shell_expand("")) you will end up with "Segmentation Fault"
because this line:

        parse_string(&o, &ctx, str);

will give you o.data = NULL
and then comes this line:

        parsed = xmemdup(o.data, o.length + 1);

PS. And if you will not fill 'title' file for menu with some data you will get "Segmentation Fault".

More information about the barebox mailing list