Tarantool development patches archive
 help / color / mirror / Atom feed
From: Vladislav Shpilevoy <v.shpilevoy@tarantool.org>
To: tarantool-patches@dev.tarantool.org, korablev@tarantool.org,
	imun@tarantool.org
Subject: [Tarantool-patches] [PATCH 1/1] app: handle concatenated argv name-value correctly
Date: Wed, 19 Feb 2020 00:08:15 +0100	[thread overview]
Message-ID: <450bafe2e276ac6e520d4772f82f033873c8039a.1582067172.git.v.shpilevoy@tarantool.org> (raw)

The server used to crash when any option argument was passed with
a value concatenated to it, like this: '-lvalue', '-evalue'
instead of '-l value' and '-e value'.

However this is a valid way of writing values, and it should not
have crashed regardless of its validity.

The bug was in usage of 'optind' global variable from getopt()
function family. It is not supposed to be used for getting an
option's value. It points to a next argv to parse. Next argv !=
value of current argv, like it was with '-lvalue' and '-evalue'.

For getting a current value there is a variable 'optarg'.

Closes #4775
---
Branch: https://github.com/tarantool/tarantool/tree/gerold103/gh-4775-crash-on-l-e-opts
Issue: https://github.com/tarantool/tarantool/issues/4775

@ChangeLog
- Fixed crash at attempt to use -e and -l command line options
  concatenated with their values, like this: -eprint(100)
  (gh-4775).

 src/lua/init.c                           |  4 ++--
 src/lua/init.h                           |  2 +-
 src/main.cc                              | 13 +++++--------
 test/app/gh-4775-crash-args-l-e.result   | 15 +++++++++++++++
 test/app/gh-4775-crash-args-l-e.test.lua |  6 ++++++
 5 files changed, 29 insertions(+), 11 deletions(-)
 create mode 100644 test/app/gh-4775-crash-args-l-e.result
 create mode 100644 test/app/gh-4775-crash-args-l-e.test.lua

diff --git a/src/lua/init.c b/src/lua/init.c
index 097dd8495..28b6b2d62 100644
--- a/src/lua/init.c
+++ b/src/lua/init.c
@@ -557,7 +557,7 @@ run_script_f(va_list ap)
 	const char *path = va_arg(ap, const char *);
 	bool interactive = va_arg(ap, int);
 	int optc = va_arg(ap, int);
-	char **optv = va_arg(ap, char **);
+	const char **optv = va_arg(ap, const char **);
 	int argc = va_arg(ap, int);
 	char **argv = va_arg(ap, char **);
 	/*
@@ -660,7 +660,7 @@ error:
 
 int
 tarantool_lua_run_script(char *path, bool interactive,
-			 int optc, char **optv, int argc, char **argv)
+			 int optc, const char **optv, int argc, char **argv)
 {
 	const char *title = path ? basename(path) : "interactive";
 	/*
diff --git a/src/lua/init.h b/src/lua/init.h
index 507360738..7fc0b1a31 100644
--- a/src/lua/init.h
+++ b/src/lua/init.h
@@ -72,7 +72,7 @@ tarantool_lua_free();
  */
 int
 tarantool_lua_run_script(char *path, bool force_interactive,
-			 int optc, char **optv,
+			 int optc, const char **optv,
 			 int argc, char **argv);
 
 extern char *history;
diff --git a/src/main.cc b/src/main.cc
index e674d85b1..9d1450523 100644
--- a/src/main.cc
+++ b/src/main.cc
@@ -722,7 +722,7 @@ main(int argc, char **argv)
 	bool interactive = false;
 	/* Lua interpeter options, e.g. -e and -l */
 	int optc = 0;
-	char **optv = NULL;
+	const char **optv = NULL;
 	auto guard = make_scoped_guard([=]{ if (optc) free(optv); });
 
 	static struct option longopts[] = {
@@ -750,16 +750,13 @@ main(int argc, char **argv)
 		case 'e':
 			/* Save Lua interepter options to optv as is */
 			if (optc == 0) {
-				optv = (char **) calloc(argc, sizeof(char *));
+				optv = (const char **) calloc(argc,
+							      sizeof(optv[0]));
 				if (optv == NULL)
 					panic_syserror("No enough memory for arguments");
 			}
-			/*
-			 * The variable optind is the index of the next
-			 * element to be processed in argv.
-			 */
-			optv[optc++] = argv[optind - 2];
-			optv[optc++] = argv[optind - 1];
+			optv[optc++] = ch == 'l' ? "-l" : "-e";
+			optv[optc++] = optarg;
 			break;
 		default:
 			/* "invalid option" is printed by getopt */
diff --git a/test/app/gh-4775-crash-args-l-e.result b/test/app/gh-4775-crash-args-l-e.result
new file mode 100644
index 000000000..eff1ee763
--- /dev/null
+++ b/test/app/gh-4775-crash-args-l-e.result
@@ -0,0 +1,15 @@
+-- test-run result file version 2
+--
+-- gh-4775: crash on option concatenated with value.
+--
+child = io.popen('tarantool -e"print(100) os.exit()"')
+ | ---
+ | ...
+child:read()
+ | ---
+ | - '100'
+ | ...
+child:close()
+ | ---
+ | - true
+ | ...
diff --git a/test/app/gh-4775-crash-args-l-e.test.lua b/test/app/gh-4775-crash-args-l-e.test.lua
new file mode 100644
index 000000000..1cccb78a4
--- /dev/null
+++ b/test/app/gh-4775-crash-args-l-e.test.lua
@@ -0,0 +1,6 @@
+--
+-- gh-4775: crash on option concatenated with value.
+--
+child = io.popen('tarantool -e"print(100) os.exit()"')
+child:read()
+child:close()
-- 
2.21.1 (Apple Git-122.3)

             reply	other threads:[~2020-02-18 23:08 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-18 23:08 Vladislav Shpilevoy [this message]
2020-02-19  8:54 ` Igor Munkin
2020-02-19 23:09   ` Vladislav Shpilevoy
2020-02-20  6:24 ` Kirill Yukhin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=450bafe2e276ac6e520d4772f82f033873c8039a.1582067172.git.v.shpilevoy@tarantool.org \
    --to=v.shpilevoy@tarantool.org \
    --cc=imun@tarantool.org \
    --cc=korablev@tarantool.org \
    --cc=tarantool-patches@dev.tarantool.org \
    --subject='Re: [Tarantool-patches] [PATCH 1/1] app: handle concatenated argv name-value correctly' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox