external/cde
1
0
Fork 0
mirror of git://git.code.sf.net/p/cdesktopenv/code synced 2025-03-09 15:50:02 +00:00
Code Issues Releases Wiki Activity

Fix memory corruption when a compound variable is unset (#49)

Browse source 
The following set of commands ends with a memory fault under
certain circumstances because ksh attempts to free memory
twice, causing memory corruption:

$ testarray=(1 2)
$ compound testarray
$ unset testarray
$ eval testarray=

The fix is to make sure 'np->nvfun' is a valid pointer before
attempting to free memory in 'put_tree'. This patch is from
OpenSUSE: https://build.opensuse.org/package/view_file/shells/ksh/ksh93-nvtree-free.dif?expand=1

src/cmd/ksh93/sh/nvtree.c:
- Do not try to free memory when 'np->nvfun' and 'val'
  are false.

src/cmd/ksh93/tests/comvar.sh:
- Add a regression test for the double free problem. The
  reproducer must be run from an executable script
  with 'ksh -c'.
This commit is contained in:
Johnothan King 2020-06-29 10:08:28 -07:00 committed by GitHub
parent 5135cf651c
commit 10b6ba801d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 33 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/cmd/ksh93/sh/nvtree.c
View file

@ -1142,6 +1142,8 @@ static void put_tree(register Namval_t *np, const char *val, int flags,Namfun_t
nv_putv(np, val, flags,fp);
if(val && nv_isattr(np,(NV_INTEGER|NV_BINARY)))
return;
if(!val && !np->nvfun)
return;
if(ap= nv_arrayptr(np))
nleft = array_elem(ap);
if(nleft==0)