[Bug 1247757] [NEW] expect uses memcpy instead of memmove to copy overlapping memory

Per Cederqvist 1247757 at bugs.launchpad.net
Mon Nov 4 08:48:13 UTC 2013


Public bug reported:

The ecases_remove_by_expi() function in expect.c uses memcpy() to shift
elements down. The areas can be overlapping. When they are, the
construct is non-portable and can lead to memory corruption.

Please replace the memcpy call with a memmove call. That fixes the
issue. I have attached a proposed patch.

I have already reported this issue at Debian:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728663

Debian has accepted the patch.

I have also reported it upstream:
https://sourceforge.net/p/expect/patches/16/

The following script demonstrates the problem. Save it in a file called
trigger2.expect and run the following:

$ valgrind expect trigger2.expect

You will see an error message similar to:

==10665== Source and destination overlap in memcpy(0x60b9170, 0x60b9178, 16)
==10665==    at 0x4C2E820: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)

(Note: it seems that valgrind 3.7 does not detect this, but valgrind
3.8.1 does detect it.)

---cut here for trigger2.expect---
#!/usr/bin/env expect

spawn cat
set a $spawn_id

spawn sleep 1
set b $spawn_id

set spawn_id $a

expect_after {
    -i $a full_buffer { }
    -i $b full_buffer { }
    timeout { }
}

expect eof { }
---cut here for trigger2.expect---

It would be nice if this fix was backported to versions of Ubuntu that
are still supported with updates.

** Affects: expect (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: patch patch-accepted-debian testcase

** Patch added: "Suggested fix."
   https://bugs.launchpad.net/bugs/1247757/+attachment/3899624/+files/expect5.45-memmove.patch
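
Added example, not part of the original report and not code from expect: a C sketch of the shift-down removal the report describes, using memmove(), plus the overlap test that explains the valgrind line above (destination 8 bytes below source, 16 bytes copied). The names ranges_overlap and remove_at and the sample array are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 when [dst, dst+n) and [src, src+n) share at least one byte.
 * Calling memcpy() on such ranges is undefined behaviour. */
int ranges_overlap(uintptr_t dst, uintptr_t src, size_t n)
{
    if (n == 0)
        return 0;
    return dst < src ? src - dst < n : dst - src < n;
}

/* Hypothetical helper: delete slot idx from an array of count pointers by
 * shifting the tail down one slot. Returns the new element count. */
size_t remove_at(void **slots, size_t count, size_t idx)
{
    if (idx >= count)
        return count;                    /* nothing to remove */
    size_t tail = count - idx - 1;       /* elements after the removed one */
    /* With two or more tail elements the source and destination ranges
     * overlap, so memmove() is required; memcpy() is only safe by luck. */
    memmove(&slots[idx], &slots[idx + 1], tail * sizeof slots[0]);
    return count - 1;
}

int main(void)
{
    /* Addresses and length copied from the valgrind line in the report. */
    printf("overlap: %d\n", ranges_overlap(0x60b9170, 0x60b9178, 16));

    int v[4] = {10, 20, 30, 40};         /* constructed sample data */
    void *slots[4] = {&v[0], &v[1], &v[2], &v[3]};
    size_t n = remove_at(slots, 4, 1);   /* two elements follow index 1 */
    for (size_t i = 0; i < n; i++)
        printf("%d ", *(int *)slots[i]);
    putchar('\n');
    return 0;
}
```

With pointer-sized (8-byte) slots, a tail of one element moves 8 bytes across an 8-byte gap and does not overlap; the overlap starts once two or more elements follow the removed slot, which is the 16-byte case valgrind flagged.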
