1
0
Fork 0
mirror of git://git.code.sf.net/p/cdesktopenv/code synced 2025-03-09 15:50:02 +00:00

job_reap(): fix use of unitialised pointer

This solves another intermittent crash that happened upon
processing SIGWINCH in the emacs editor. See also: 7ff6b73b

I found this bug while testing ksh 93u+m on OpenBSD. Due to its
pervasive security hardening, this system crashes a program
reliably where others crash it intermittently, which is invaluable.

src/cmd/ksh93/sh/jobs.c: job_reap():
- The pw pointer is not ever given a value if the loop breaks on
  line 318-319, but it is used unconditionally on lines 464-470,
  Initialise the pointer to null on function entry and do not call
  job_list() and job_unpost() if the pointer is still null.
This commit is contained in:
Martijn Dekker 2021-02-20 23:20:54 +00:00
parent 797adc39cc
commit 51b2e360fa

View file

@ -262,7 +262,7 @@ int job_reap(register int sig)
{
Shell_t *shp = sh_getinterp();
register pid_t pid;
register struct process *pw;
register struct process *pw = NIL(struct process*);
struct process *px;
register int flags;
struct jobsave *jp;
@ -461,7 +461,7 @@ int job_reap(register int sig)
nochild = 1;
}
shp->gd->waitevent = waitevent;
if(sh_isoption(SH_NOTIFY) && sh_isstate(SH_TTYWAIT))
if(pw && sh_isoption(SH_NOTIFY) && sh_isstate(SH_TTYWAIT))
{
outfile = sfstderr;
job_list(pw,JOB_NFLAG|JOB_NLFLAG);