From 51b2e360fa33f631767ae0606063afc0625d5ad1 Mon Sep 17 00:00:00 2001
From: Martijn Dekker
Date: Sat, 20 Feb 2021 23:20:54 +0000
Subject: [PATCH] job_reap(): fix use of unitialised pointer
This solves another intermittent crash that happened upon processing SIGWINCH in the emacs editor. See also: 7ff6b73b I found this bug while testing ksh 93u+m on OpenBSD. Due to its pervasive security hardening, this system crashes a program reliably where others crash it intermittently, which is invaluable. src/cmd/ksh93/sh/jobs.c: job_reap(): - The pw pointer is not ever given a value if the loop breaks on line 318-319, but it is used unconditionally on lines 464-470, Initialise the pointer to null on function entry and do not call job_list() and job_unpost() if the pointer is still null.
---
 src/cmd/ksh93/sh/jobs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/cmd/ksh93/sh/jobs.c b/src/cmd/ksh93/sh/jobs.c
index d0a5e9423..a4251a923 100644
--- a/src/cmd/ksh93/sh/jobs.c
+++ b/src/cmd/ksh93/sh/jobs.c
@@ -262,7 +262,7 @@ int job_reap(register int sig)
 {
 Shell_t *shp = sh_getinterp();
 register pid_t pid;
- register struct process *pw;
+ register struct process *pw = NIL(struct process*);
 struct process *px;
 register int flags;
 struct jobsave *jp;
@@ -461,7 +461,7 @@ int job_reap(register int sig)
 nochild = 1;
 }
 shp->gd->waitevent = waitevent;
- if(sh_isoption(SH_NOTIFY) && sh_isstate(SH_TTYWAIT))
+ if(pw && sh_isoption(SH_NOTIFY) && sh_isstate(SH_TTYWAIT))
 {
 outfile = sfstderr;
 job_list(pw,JOB_NFLAG|JOB_NLFLAG);
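Review bot: The new `pw &&` test in the second hunk carries no comment saying when `pw` can still be null, and the commit message explains it only through line numbers (318-319, 464-470) that will drift as jobs.c changes. A short comment at the guard would keep the reason next to the code, for example `/* pw stays null if the reap loop broke before it was assigned */`. The guard covers only the never-assigned case: whether a non-null `pw` left over from an earlier loop iteration still refers to a live job entry at this point cannot be judged from the hunk, because the loop body and the rest of job_reap() lie outside it, so that is worth confirming separately.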