Got a use-after-free warning under GCC 12 with the `-O3` option, and I found
that `nsh_strcat` may realloc `ptr`, then `cmdline` may point to invalid
memory.
Letting `cmdline` point to the reallocated `ptr` may solve the problem.
Tested by `alias ll='ls -l'` and `ll /` on sim.
GCC output:
```
CC:  binfmt_unloadmodule.c
In function 'nsh_aliasexpand',
    inlined from 'nsh_argument' at nsh_parse.c:1879:20:
nsh_parse.c:1196:23: error: pointer 'ptr' used after 'realloc' [-Werror=use-after-free]
 1196 |         ptr = cmdline + len;
      |               ~~~~~~~~^~~~~~~~~~~~~~~
In function 'nsh_strcat',
    inlined from 'nsh_aliasexpand' at nsh_parse.c:1190:21,
    inlined from 'nsh_argument' at nsh_parse.c:1879:20:
nsh_parse.c:1100:27: note: call to 'realloc' here
 1100 |       argument = (FAR char *)realloc(s1, allocsize);
      |                              ^~~~~~~~~~~~~~~~~~~~~~
```
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
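The stale-pointer pattern behind this warning, as an added example that is not code from nsh_parse.c: `str_append` and `alias_expand` are hypothetical stand-ins for `nsh_strcat` and `nsh_aliasexpand`. It keeps an offset across the `realloc` and derives the interior pointer only from the pointer that `realloc` returned.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for nsh_strcat: append s2 to the heap string s1.
 * realloc may move the block, so every pointer into s1 is dead afterwards. */
static char *str_append(char *s1, const char *s2)
{
  size_t len1 = strlen(s1);
  char *out = realloc(s1, len1 + strlen(s2) + 1);
  if (out == NULL) {
    free(s1);                 /* on failure realloc leaves s1 allocated */
    return NULL;
  }
  memcpy(out + len1, s2, strlen(s2) + 1);
  return out;
}

/* Hypothetical stand-in for alias expansion: build "<value><rest>" and
 * report where <rest> starts inside the new buffer through *rest_out. */
char *alias_expand(const char *value, const char *rest, char **rest_out)
{
  size_t len = strlen(value);  /* keep an offset, not a saved pointer */
  char *cmdline = malloc(len + 1);
  if (cmdline == NULL)
    return NULL;
  memcpy(cmdline, value, len + 1);

  /* Flagged pattern: using "old pointer + len" after the append below.
   * Reassign cmdline first, then derive the interior pointer from it. */
  cmdline = str_append(cmdline, rest);
  if (cmdline != NULL)
    *rest_out = cmdline + len;
  return cmdline;
}

int main(void)
{
  char *rest = NULL;
  char *line = alias_expand("ls -l", " /", &rest); /* constructed input */
  if (line == NULL)
    return 1;
  printf("%s | rest=\"%s\"\n", line, rest);
  free(line);
  return 0;
}
```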
```
   text    data     bss     dec     hex filename
 398953   27088    4128  430169   69059 nuttx /* before */
 389241   27072    4128  420441   66a59 nuttx /* after */
  -9712     -16
```
Signed-off-by: chao an <anchao@xiaomi.com>
The logic that handles back-quotes was faulty, i.e. example command
set FOO `ls -l` would be split into two tokens as follows:
- set FOO `ls
- -l`
This results in an "nsh: `: no matching `" error; this fixes that issue.
This adds support for more complex alias handling, such as:
$ alias ls='ls -l'
Previously such an alias was not split into the command verb and the
argument correctly, instead the full alias string was handled as the
verb, which obviously fails.
This commit fixes this by expanding the alias, checking whether it has
arguments and if so, it merges the expanded alias + the old command line
together, resulting in a completely new command line.
Example (assuming the alias above has been created):
$ ls /bin
Results in a new command line: "ls -l /bin" which is then parsed and
executed.
A resulting word that is identified to be the command name word of a
simple command shall be examined to determine whether it is an unquoted,
valid alias name.
The keyword here being "a simple command", arguments are not subject to
expansion.
This adds support for string aliases into nsh. There are some nuances that
are not handled correctly yet:
- Reserved words can be overloaded, which is a clear POSIX violation
The parser is modified to detect, handle and remove quotes from the
command string. Whatever is inside the quotes is treated as a string
literal. If no matching end quote is found, the terminal prints out
an error.
Replace all fwrite/fread/fgets/... with write/read/...
Before:
```
text data bss dec hex filename
109827 601 6608 117036 1c92c nuttx/nuttx
```
After:
```
text data bss dec hex filename
108053 601 6608 115262 1c23e nuttx/nuttx
```
After with CONFIG_FILE_STREAM disabled:
```
text data bss dec hex filename
105667 601 6608 112876 1b8ec nuttx/nuttx
```
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
- Handle nsh_filecat returning NULL on failure
- Background and redirect must be restored after an empty line
- Output redirection should be removed from argv like background
Summary:
- Fix memory corruption when pthread_create() failed in nsh_execute()
Impact:
- nsh builtin command execution in background with errors
Testing:
- Tested with hifive1-revb:nsh
- Set CONFIG_MAX_TASKS=4
- Running 'sleep 1000 &' 3 times will cause a pthread_create error
- Run free, ps command
Reported-by: Yoshinori Sugino <ysgn0101@gmail.com>
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
Add some comments to nsh_parse.c emphasizing the reason that things are done in the order that they are. Perhaps such comments will avoid similar breakage in the future.
commit 9a28ccf836
Author: chao.an <anchao@xiaomi.com>
Date: Fri Feb 21 09:54:47 2020 +0800
nsh/parse: try the builtin configuration first
In the case of enabling BUILTIN_APPS/FILE_APPS at the same time,
try the builtin list first to ensure that the relevant configuration
(stacksize, priority) can be set normally.
This commit breaks the feature because it changes the order so that the built-in application is tried first. Hence, the version on the file system will never replace the built-in version.
That commit must be reverted in order to restore the correct functionality.
Revert "nsh/parse: try the builtin configuration first"
This reverts commit 9a28ccf836.
In the case of enabling BUILTIN_APPS/FILE_APPS at the same time, try the builtin list first to ensure that the relevant configuration (stacksize, priority) can be set normally.
1. Remove void cast for function because many places ignore the returned value without cast
2. Replace void cast for variable with UNUSED macro
Change-Id: Ie644129a563244a6397036789c4c3ea83c4e9b09
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Per SUZUKI Y <NBG03015@nifty.ne.jp>, changing:
- return (FAR char *)g_nullstring;
+ return "";
causes a bad return value because "" lies on the stack.
This reverts commit 9defae8af6.
include/ and netutils/: Remove references to CONFIG_DISABLE_SIGNALS. Signals can no longer be disabled.
nshlib/: Remove references to CONFIG_DISABLE_SIGNALS. Signals can no longer be disabled.
system/: Remove references to CONFIG_DISABLE_SIGNALS. Signals can no longer be disabled.
testing/: Remove references to CONFIG_DISABLE_SIGNALS. Signals can no longer be disabled.
examples/: Remove references to CONFIG_DISABLE_SIGNALS. Signals can no longer be disabled.
Test case:
```
NuttShell (NSH)
nsh> mkrd -s 1024 40
nsh> mkfatfs /dev/ram0
nsh> mount -t vfat /dev/ram0 /tmp
nsh> echo "echo 1 > /dev/null" > /tmp/test.sh
nsh> cat /tmp/test.sh
echo 1 > /dev/null
nsh> sh /tmp/test.sh
...
```
The nsh prompt doesn't get printed. You can type a couple of commands, but then the system will crash because of bad pointers.
nsh_parse.c: fix 'while' and 'until' loop condition
The loop condition logic was inverted:
while true; do echo "test"; done
would exit immediately, while using 'until' would stay in the loop.
This is the opposite of how it is supposed to work.
The reason is that 'state' was set wrong because 'whilematch' is a bool.
Approved-by: Gregory Nutt <gnutt@nuttx.org>