ash: add a FIXME for bug 9246

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

diff --git a/shell/ash.c b/shell/ash.c
index 789a81cc306df9667e74ed554320203a84a21306..790367bd84ca22261fe17c7a1156de6b251f445c 100644 (file)
--- a/shell/ash.c
+++ b/shell/ash.c
@@ -11659,9 +11659,18 @@ parsebackq: {
        str = NULL;
        savelen = out - (char *)stackblock();
        if (savelen > 0) {
+               /*
+                * FIXME: this can allocate very large block on stack and SEGV.
+                * Example:
+                * echo "..<100kbytes>..`true` $(true) `true` ..."
+                * alocates 100kb for every command subst. With about
+                * a hundred command substitutions stack overflows.
+                * With larger prepended string, SEGV happens sooner.
+                */
                str = alloca(savelen);
                memcpy(str, stackblock(), savelen);
        }
+
        if (oldstyle) {
                /* We must read until the closing backquote, giving special
                 * treatment to some slashes, and then push the string and