[Bug 1247757] Re: expect uses memcpy instead of memmove to copy overlapping memory

Magnus Holmgren holmgren at debian.org
Mon Nov 4 21:37:58 UTC 2013


** Bug watch added: Debian Bug tracker #728663
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728663

** Also affects: expect (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728663
   Importance: Unknown
       Status: Unknown

** Changed in: expect (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to expect in Ubuntu.
https://bugs.launchpad.net/bugs/1247757

Title:
  expect uses memcpy instead of memmove to copy overlapping memory

Status in “expect” package in Ubuntu:
  Confirmed
Status in “expect” package in Debian:
  Unknown

Bug description:
  The ecases_remove_by_expi() function in expect.c uses memcpy() to shift
  elements down. The areas can be overlapping. When they are, the
  construct is non-portable and can lead to memory corruption.

  Please replace the memcpy call with a memmove call. That fixes the
  issue. I have attached a proposed patch.

  I have already reported this issue at Debian:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728663

  Debian has accepted the patch.

  I have also reported it upstream:
  https://sourceforge.net/p/expect/patches/16/

  The following script demonstrates the problem. Save it in a file called
  trigger2.expect and run the following:

  $ valgrind expect trigger2.expect

  You will see an error message similar to:

  ==10665== Source and destination overlap in memcpy(0x60b9170, 0x60b9178, 16)
  ==10665==    at 0x4C2E820: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)

  (Note: it seems that valgrind 3.7 does not detect this, but valgrind
  3.8.1 does detect it.)

  ---cut here for trigger2.expect---
  #!/usr/bin/env expect

  spawn cat
  set a $spawn_id

  spawn sleep 1
  set b $spawn_id

  set spawn_id $a

  expect_after {
      -i $a full_buffer { }
      -i $b full_buffer { }
      timeout { }
  }

  expect eof { }
  ---cut here for trigger2.expect---

  It would be nice if this fix was backported to versions of Ubuntu that
  are still supported with updates.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/expect/+bug/1247757/+subscriptions
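
The shift-down pattern described in the bug report, shown with memmove() as an added example. This is not code from expect.c or from the proposed patch; struct case_table, table_remove() and demo() are hypothetical names, and the sample data is constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a densely packed table of pointers;
   not the structures used in expect.c. */
struct case_table {
    const char **cases;   /* array of pointers to entries */
    size_t count;         /* number of live entries */
};

/* Remove every entry equal to `victim`, shifting the tail down one slot.
   The source (&cases[i + 1]) and destination (&cases[i]) overlap whenever
   more than one element follows the removed slot. memcpy() has undefined
   behaviour for overlapping regions, so memmove() is required here. */
size_t table_remove(struct case_table *t, const char *victim)
{
    size_t removed = 0;
    size_t i = 0;

    while (i < t->count) {
        if (t->cases[i] != victim) {
            i++;
            continue;
        }
        size_t tail = t->count - i - 1;   /* elements after slot i */
        if (tail > 0)
            memmove(&t->cases[i], &t->cases[i + 1],
                    tail * sizeof t->cases[0]);
        t->count--;
        removed++;
        /* i is not advanced: a different element now occupies slot i */
    }
    return removed;
}

/* Constructed sample: remove both "b" entries, survivors keep their order. */
int demo(void)
{
    static const char a[] = "a", b[] = "b", c[] = "c", d[] = "d";
    const char *slots[] = { a, b, c, b, d };
    struct case_table t = { slots, 5 };

    if (table_remove(&t, b) != 2 || t.count != 3)
        return 0;
    return slots[0] == a && slots[1] == c && slots[2] == d;
}

int main(void) { return demo() ? 0 : 1; }
```

With 8-byte pointers, removing an entry that has two entries after it moves 16 bytes between addresses 8 bytes apart, the same shape as the overlap in the valgrind line above.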


