| Age | Commit message (Collapse) | Author |
|---|
|
I promised months ago I'd fix this, and there was a (not visible to the
public but filed by a member of the public) bug filed against Android in
the meantime, but judged No Security Impact because "toybox is not a
security boundary". Anyway, it seemed high time I learned about fuzzing
command-line tools with AFL++, so here we are.
With these patches (and starting from the ELF files in test/files/elf),
toybox file survived ~24hours against AFL++. Amusingly it corrupted the
ELF files hard enough that it also managed to find a bug in the code
for MS-DOS executables, which is the motivation for the final hunk in
this patch.
Bug: http://b/159065007
Test: ~/AFLplusplus/afl-fuzz -i tests/files/elf -o fuzz-out -- ./file @@
|
|
|
|
Android is introducing a new binary XML format that is a drop-in
replacement for many existing .xml files written by system_server.
Since engineers may be surprised when encountering this new format,
add it to the "file" tool to aid identification in the field.
|
|
output depending on whether address was hex or decimal.
|
|
One reason to use toybox on the host is to get the same behavior across
Android/Linux/macOS. Unfortunately (as we've seen from a few bugs) one
area where that doesn't quite work is that toybox uses the libc regular
expression implementation. That's fine, and mostly what users want, but
those folks trying to get the exact same behavior everywhere might want
to switch in a known regex implementation (bionic's NetBSD regex
implementation, say) for increased consistency.
That actually works pretty well, but portability.h has an #ifndef test
for REG_STARTEND before including <regex.h> that gets in the way. To
make up for that, this patch removes the unnecessary #include <regex.h>
from grep.c itself.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(The bug is that "echo hello \" followed by just enter should end the $PS2
state but it persists when the line is empty because resulting collated line
still ends with \ so it wants another line.)
|
|
|
|
|
|
This is consistent with the util-linux implementation.
|
|
This is consistent with the util-linux implementation.
|
|
Fixes https://github.com/landley/toybox/issues/251 where `stty 300` was
mangling c_iflags to 0x300 because even if we don't match a full hex
specification of struct termios, sscanf() will have overwritten the
first value, which is c_iflag.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Fix i2cdetect parameter reading so "last" value is read from correct argument.
|
|
Debug wildcard * match, teach skipslash() to fill out a wildcard deck,
make collect_wildcards() flush remove the parsing-only 0th entry.
|
|
|
|
|
|
|
|
|
|
ftruncate was failing on device files, leading to whole dd.c failures.
This patch allows us to dump device files.
|
|
|
|
contexts like scripts, and tweak debug scaffolding.
|
|
The comma thing turned into an internationalization can of worms,
don't go there. Keep the "show megabytes on systems with >10G"
logic which includes not showing 0.0 for single digit values.
|
|
|
|
The util-linux blkid (even if explicitly asked with -s) won't show you a
tag with no value.
|
|
|
|
|
|
|
|
and use the comma format when selected even if <3 digits (no 0.0M)
|
|
string parsing error. This patch enables proper local facility handling.
|
|
Bash produces different output for that test, but I'm not sure I care?
http://lists.landley.net/pipermail/toybox-landley.net/2020-September/011990.html
The problem is parse_word() guarantees its output's quotes/escapes
are completed, but brace expansion happens after parse_word() and thus
violating assumptions later code depends on to not do redundant error
checking. The easy fix is to escape punctuation produced by parse_word
(which in bash can only happen when you span upper and lower case ranges
so "\" is the only interesting character). I could special case this to
match bash exactly, but I'm waiting for someone to complain instead.
|
|
|
|
|
|
|
|
|
|
|
|
|
