ash: refresh stack pointers after makestrspace in rmescapes

Without this, rmescapes sometimes returns random garbage while
performing parameter expansions such as ${foo#bar}, in the event that
the allocation of r happens to need to reallocate the stack and hence
invalidate str and p.  I'd love to provide a test case but unfortunately
it's dependent on exact stack layout, so I don't have anything simpler
than the situation described in
https://bugs.launchpad.net/ubuntu/+source/partman-base/+bug/527401/comments/23
which involved a sequence of foo="${foo#*, }" expansions on a long
string inside our RAID configuration tool.

The same fix has been in dash since 2007-09-26, contributed by Roy
Marples <uberlord@gentoo.org>.  I actually came up with it independently
almost to the character, but then synced it up with the variable naming
used in dash when I noticed that change afterwards.

Signed-off-by: Colin Watson <cjwatson@ubuntu.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

diff --git a/shell/ash.c b/shell/ash.c
index 9d55f892eaada791865d856dd10e22fa2a68e019..ec5e0b8c7400a659f89f81d366a4241c0456de50 100644 (file)
--- a/shell/ash.c
+++ b/shell/ash.c
@@ -5425,7 +5425,11 @@ rmescapes(char *str, int flag)
                size_t fulllen = len + strlen(p) + 1;
 
                if (flag & RMESCAPE_GROW) {
+                       int strloc = str - (char *)stackblock();
                        r = makestrspace(fulllen, expdest);
+                       /* p and str may be invalidated by makestrspace */
+                       str = (char *)stackblock() + strloc;
+                       p = str + len;
                } else if (flag & RMESCAPE_HEAP) {
                        r = ckmalloc(fulllen);
                } else {