Age | Commit message | Author |
|
I promised months ago I'd fix this, and there was a (not visible to the
public but filed by a member of the public) bug filed against Android in
the meantime, but judged No Security Impact because "toybox is not a
security boundary". Anyway, it seemed high time I learned about fuzzing
command-line tools with AFL++, so here we are.
With these patches (and starting from the ELF files in test/files/elf),
toybox file survived ~24 hours against AFL++. Amusingly it corrupted the
ELF files hard enough that it also managed to find a bug in the code
for MS-DOS executables, which is the motivation for the final hunk in
this patch.
Bug: http://b/159065007
Test: ~/AFLplusplus/afl-fuzz -i tests/files/elf -o fuzz-out -- ./file @@
|
|
Android is introducing a new binary XML format that is a drop-in
replacement for many existing .xml files written by system_server.
Since engineers may be surprised when encountering this new format,
add it to the "file" tool to aid identification in the field.
|
|
Even though the gcc toolchain ./configure is told it's cross compiling,
it optimizes for the current machine ANYWAY. So force it to be generic.
|
|
output depending on whether address was hex or decimal.
|
|
This makes it more likely that you can actually debug something like
"sed: bad regex: empty (sub)expression" or
"sed: bad regex: parentheses not balanced" from a build failure log,
where you don't necessarily know where the failure came from.
This also seems like it might be useful generally, although GNU grep
doesn't include this detail in its error messages, and busybox doesn't
even seem to notice that regcomp() failed?
(Realistically if the Android build team wants to move forward with "one
true regex implementation", we're going to have to add some GNU-isms to
the Android regex implementation. But we'd need to find them first! Note
that the two examples given above are real examples from failed buildbot
builds, but they occur early in the respective builds so there are
likely many more to look at after these. Interestingly, the first of the
two appears to be the more general case of something disallowed by POSIX
that xregcomp() already has a workaround for.)
|
|
I added a #include above this, which caused subtle breakages on 32-bit
systems. Move it to the top of the file to fix it and avoid making a
similar mistake in future.
|
|
One reason to use toybox on the host is to get the same behavior across
Android/Linux/macOS. Unfortunately (as we've seen from a few bugs) one
area where that doesn't quite work is that toybox uses the libc regular
expression implementation. That's fine, and mostly what users want, but
those folks trying to get the exact same behavior everywhere might want
to switch in a known regex implementation (bionic's NetBSD regex
implementation, say) for increased consistency.
That actually works pretty well, but portability.h has an #ifndef test
for REG_STARTEND before including <regex.h> that gets in the way. To
make up for that, this patch removes the unnecessary #include <regex.h>
from grep.c itself.
|
|
(The bug is that "echo hello \" followed by just enter should end the $PS2
state but it persists when the line is empty because resulting collated line
still ends with \ so it wants another line.)
|
|
debug output if anything later in the script fails.
|
|
This is consistent with the util-linux implementation.
|
|
This is consistent with the util-linux implementation.
|
|
Fixes https://github.com/landley/toybox/issues/251 where `stty 300` was
mangling c_iflags to 0x300 because even if we don't match a full hex
specification of struct termios, sscanf() will have overwritten the
first value, which is c_iflag.
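
The failure mode this commit message describes, as an added example that is not toybox's code: scanning directly into the live settings versus scanning into a scratch copy and committing only on a full match. The `tflags` struct, the four-field `iflag:oflag:cflag:lflag` hex format, the function names and the sample values are assumptions made for illustration.

```c
#include <stdio.h>

/* Stand-in for the four flag words of struct termios (assumed layout). */
struct tflags { unsigned iflag, oflag, cflag, lflag; };

/* Assumed saved-settings format: four hex words, "iflag:oflag:cflag:lflag". */
#define FMT "%x:%x:%x:%x%n"

/* Scans straight into the live struct. sscanf() stores each field as soon as
 * it converts, so a bare "300" writes 0x300 to iflag before the match fails. */
static int parse_direct(const char *arg, struct tflags *t)
{
  int n = 0;

  return sscanf(arg, FMT, &t->iflag, &t->oflag, &t->cflag, &t->lflag, &n) == 4
    && !arg[n];
}

/* Scans into a scratch copy and commits only after the whole argument
 * matched, so a rejected argument leaves the caller's settings untouched. */
static int parse_staged(const char *arg, struct tflags *t)
{
  struct tflags tmp;
  int n = 0;

  if (sscanf(arg, FMT, &tmp.iflag, &tmp.oflag, &tmp.cflag, &tmp.lflag, &n) != 4
      || arg[n]) return 0;
  *t = tmp;
  return 1;
}

/* iflag after one parse attempt, starting from a constructed value 0x1234. */
static unsigned iflag_after(int (*parse)(const char *, struct tflags *),
                            const char *arg)
{
  struct tflags t = {0x1234, 0, 0, 0};

  parse(arg, &t);
  return t.iflag;
}

int main(void)
{
  printf("direct: %#x\n", iflag_after(parse_direct, "300"));
  printf("staged: %#x\n", iflag_after(parse_staged, "300"));
  printf("staged, full spec: %#x\n", iflag_after(parse_staged, "500:5:bf:8a3b"));
  return 0;
}
```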
|
|
f2fs with compression enabled only lets you `chattr +c` on an empty
file.
|
|
We need to *name = 0 explicitly for the !name && !statless case, so don't
need the +1 in memset that was only zeroing in the !name && statless case.
|
|
tar asks dirtree_path() to reserve space for a trailing '/', but recent
changes broke that for the case that was resolving to just a strdup().
Caught by `export ASAN=1` and `make test_tar`.
|
|
Fix i2cdetect parameter reading so "last" value is read from correct argument.
|
|
Debug wildcard * match, teach skipslash() to fill out a wildcard deck,
make collect_wildcards() flush remove the parsing-only 0th entry.
|
|
when passed in extra allocation length or else free() gets very unhappy.
|
|