iocsh crashes when dealing with NULL iocshArgPersistentString
Bug #1824732 reported by Bruno Martins
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
EPICS Base | Status tracked in 7.0 | | |
3.15 | Triaged | Low | Unassigned |
7.0 | Fix Released | Low | Unassigned |
Bug Description
I was looking at the iocsh.cpp (@R7.0.2.1) code and realized that there's a bug when parsing command arguments of type iocshArgPersistentString:
    case iocshArgPersistentString:
        if (argBuf->sval == NULL) {
            return 0;
        }
        break;
However, here 'arg' can be NULL, so 'strlen' can (will?) SEGFAULT. I was able to successfully trigger the issue. I don't know where this is used or who uses this functionality exactly.
iocshArgPersistentString was intended for use when the routine being called stores the arg pointer instead of making its own copy and uses it again later. This is somewhat uncommon and there are no commands in Base that register such an argument (a 'git grep' comes up with only 2 instances of that word), but it is still used in some support modules.
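The unchecked copy described in the report next to a guarded one, as an added C example that is not part of the original report or of EPICS Base. The names arg_buf, persist_unchecked and persist_checked are hypothetical stand-ins, and storing NULL for a missing argument is an assumed policy.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the shell's per-argument buffer. */
typedef struct { char *sval; } arg_buf;

/* Pattern from the report: strlen() runs on arg before anything checks it.
 * Undefined behaviour (typically SIGSEGV) when the argument was omitted. */
int persist_unchecked(arg_buf *buf, const char *arg)
{
    buf->sval = malloc(strlen(arg) + 1);
    if (buf->sval == NULL)
        return 0;               /* out of memory */
    strcpy(buf->sval, arg);
    return 1;
}

/* Guarded form (assumed policy): a missing argument is stored as NULL, so
 * the command handler must accept NULL. Returns 0 only if malloc fails. */
int persist_checked(arg_buf *buf, const char *arg)
{
    if (arg == NULL) {
        buf->sval = NULL;
        return 1;
    }
    return persist_unchecked(buf, arg);
}

int main(void)
{
    char line[] = "record1";    /* constructed input line, reused by the shell */
    arg_buf kept, missing;

    persist_checked(&kept, line);
    line[0] = 'X';              /* the shell's buffer is overwritten later */
    persist_checked(&missing, NULL);   /* persist_unchecked would crash here */

    /* The persistent copy is unaffected by the overwrite of line[]. */
    printf("kept=%s missing=%s\n", kept.sval,
           missing.sval ? missing.sval : "(null)");
    free(kept.sval);
    return 0;
}
```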