unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
blob bde4fb336a936b99898ea79266c4b7d03c5df239 1276 bytes (raw)
name: packages/patches/atf-execute-with-shell.patch 	 # note: path name is non-authoritative(*)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
Submitted here: https://github.com/freebsd/atf/pull/57

From 098b66269b1cf1d944b8b214ceb7ce9febde3682 Mon Sep 17 00:00:00 2001
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date: Mon, 29 Jan 2024 22:35:49 -0500
Subject: [PATCH] Fix use after free in execute_with_shell.

The temporary string returned by atf::env::get would be used outside
its statement, which is invalid and cause undefined behavior.  Copy it
to a local variable to avoid the issue.

Fixes: https://github.com/freebsd/atf/issues/26
Fixes: https://github.com/freebsd/kyua/issues/223

Reported-by: Ruslan Bukin <br@bsdpad.com>
---
 atf-sh/atf-check.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/atf-sh/atf-check.cpp b/atf-sh/atf-check.cpp
index 41f0b13..9d6f7a8 100644
--- a/atf-sh/atf-check.cpp
+++ b/atf-sh/atf-check.cpp
@@ -436,7 +436,9 @@ execute_with_shell(char* const* argv)
     const std::string cmd = flatten_argv(argv);
 
     const char* sh_argv[4];
-    sh_argv[0] = atf::env::get("ATF_SHELL", ATF_SHELL).c_str();
+    const std::string shell = atf::env::get("ATF_SHELL", ATF_SHELL);
+
+    sh_argv[0] = shell.c_str();
     sh_argv[1] = "-c";
     sh_argv[2] = cmd.c_str();
     sh_argv[3] = NULL;

base-commit: 18eb8168b70a0f934b4824b6391b55ac0b2f4fdf
-- 
2.41.0


debug log:

solving bde4fb336a936b99898ea79266c4b7d03c5df239 ...
found bde4fb336a936b99898ea79266c4b7d03c5df239 in https://git.savannah.gnu.org/cgit/guix.git

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).