[PATCH 3/5] shell/shell.c: Fix illegal string copy

Frank Kuehndel frank.kuehndel at embedded-brains.de
Tue Oct 13 13:48:57 UTC 2020 

From: Frank Kühndel <frank.kuehndel at embedded-brains.de>

This is an illegal use of strcpy() because one is not allowed to
use this function with overlapping source and destination buffers;
whereas memmove() is explicitly designed to handle such cases.

The copiler warning was:

../../../cpukit/libmisc/shell/shell.c:626:13: warning:
'strcpy' accessing between 1 and 2147483645 bytes at offsets
0 and [1, 2147483647] may overlap up to 2147483644 bytes at
offset [1, 2147483644] [-Wrestrict]
---
 cpukit/libmisc/shell/shell.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/cpukit/libmisc/shell/shell.c b/cpukit/libmisc/shell/shell.c
index c5fc1f5c48..1a3b438b37 100644
--- a/cpukit/libmisc/shell/shell.c
+++ b/cpukit/libmisc/shell/shell.c
@@ -287,6 +287,16 @@ void rtems_shell_dup_current_env(rtems_shell_env_t *copy)
   copy->managed = false;
 }
 
+/*
+ *  Move a string in a buffer to the left (e.g. when a character
+ *  is deleted). The string must be NUL-terminated and the
+ *  NUL-character will be moved too.
+ */
+static void rtems_shell_move_left( char *start, size_t offset )
+{
+  memmove(start, start + offset, strlen(start + offset) + 1);
+}
+
 /*
  *  Get a line of user input with modest features
  */
@@ -393,7 +403,7 @@ static int rtems_shell_line_editor(
           {
             int end;
             int bs;
-            strcpy (&line[col], &line[col + 1]);
+            rtems_shell_move_left(line + col, 1);
             if (output) {
               fprintf(out,"\r%s%s ", prompt, line);
               end = (int) strlen (line);
@@ -432,7 +442,7 @@ static int rtems_shell_line_editor(
         case 4:                         /* Control-D */
           if (strlen(line)) {
             if (col < strlen(line)) {
-              strcpy (line + col, line + col + 1);
+              rtems_shell_move_left(line + col, 1);
               if (output) {
                 int bs;
                 fprintf(out,"%s \b", line + col);
@@ -508,7 +518,7 @@ static int rtems_shell_line_editor(
           {
             int bs;
             col--;
-            strcpy (line + col, line + col + 1);
+            rtems_shell_move_left(line + col, 1);
             if (output) {
               fprintf(out,"\b%s \b", line + col);
               for (bs = 0; bs < ((int) strlen (line) - col); bs++)
@@ -625,7 +635,7 @@ static int rtems_shell_line_editor(
             int clen = (int) strlen (line);
             int bs;
 
-            strcpy (line, line + col);
+            rtems_shell_move_left(line, col);
             if (output) {
               fprintf(out,"\r%s%*c", prompt, clen, ' ');
               fprintf(out,"\r%s%s", prompt, line);
-- 
2.26.2

More information about the devel mailing list