expect uses memcpy instead of memmove to copy overlapping memory

Bug #1247757 reported by Per Cederqvist on 2013-11-04
This bug affects 1 person
Affects Status Importance Assigned to Milestone
expect (Debian)
Fix Released
expect (Ubuntu)

Bug Description

The ecases_remove_by_expi() function in expect.c uses memcpy() to shift
elements down. The areas can be overlapping. When they are, the
construct is non-portable and can lead to memory corruption.

Please replace the memcpy call with a memmove call. That fixes the
issue. I have attached a proposed patch.

I have already reported this issue at Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728663

Debian has accepted the patch.

I have also reported it upstream:

The following script demonstrates the problem. Save it in a file called
trigger2.expect and run the following:

$ valgrind expect trigger2.expect

You will see an error message similar to:

==10665== Source and destination overlap in memcpy(0x60b9170, 0x60b9178, 16)
==10665== at 0x4C2E820: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)

(Note: it seems that valgrind 3.7 does not detect this, but valgrind 3.8.1 does detect it.)

---cut here for trigger2.expect---
#!/usr/bin/env expect

spawn cat
set a $spawn_id

spawn sleep 1
set b $spawn_id

set spawn_id $a

expect_after {
    -i $a full_buffer { }
    -i $b full_buffer { }
    timeout { }

expect eof { }
---cut here for trigger2.expect---

It would be nice if this fix was backported to versions of Ubuntu that are still supported with updates.

Per Cederqvist (ceder) wrote :
Per Cederqvist (ceder) wrote :
Per Cederqvist (ceder) on 2013-11-04
tags: added: patch-accepted-upstream
Changed in expect (Ubuntu):
status: New → Confirmed
Changed in expect (Debian):
status: Unknown → Fix Released
Changed in expect (Ubuntu):
status: Confirmed → Fix Committed
Changed in expect (Ubuntu):
importance: Undecided → Medium
status: Fix Committed → Triaged
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.