[PATCH] Init - make sure the last parameter to execve is NULL

We alloc exactly the number of parameters in parse_line_action.
When these parameters are for execve, which request the argv
terminated by a NULL, it may fail randomly, depends on what
is there after the end of the buffer we allocated

Extend the buffer to hold one more pointer, and make sure
it is NULL to fix this bug.

Change-Id: I180df8be3502f51f81a6abb6ebf5c156eb59c9fc
Signed-off-by: Ethan <ethan.too@gmail.com>

1 files changed, 9 insertions, 1 deletions

diff --git a/init/parser.c b/init/parser.c
index 7da0d194..ca03da97 100644
--- a/init/parser.c
+++ b/init/parser.c
@@ -800,6 +800,7 @@ static void parse_line_action(struct parse_state* state, int nargs, char **args)
     struct action *act = state->context;
     int (*func)(int nargs, char **args);
     int kw, n;
+    int alloc_size = 0;
 
     if (nargs == 0) {
         return;
@@ -817,7 +818,14 @@ static void parse_line_action(struct parse_state* state, int nargs, char **args)
             n > 2 ? "arguments" : "argument");
         return;
     }
-    cmd = malloc(sizeof(*cmd) + sizeof(char*) * nargs);
+    alloc_size = sizeof(*cmd) + sizeof(char*) * (nargs + 1);
+    cmd = malloc(alloc_size);
+    if (!cmd) {
+        parse_error(state, "malloc failed\n");
+        return;
+    }
+
+    memset((char *)cmd, 0, alloc_size);
     cmd->func = kw_func(kw);
     cmd->nargs = nargs;
     memcpy(cmd->args, args, sizeof(char*) * nargs);