external/cde
1
0
Fork 0
mirror of git://git.code.sf.net/p/cdesktopenv/code synced 2025-02-13 11:42:21 +00:00
Code Issues Releases Wiki Activity

Fix crash on trying a very long nonexistent command

Browse source 
Reproducer from @Saikiran-m:
| ~# sh -c `perl -e 'print "a"x100000'`
|  genunix: NOTICE: core_log: sh[1221] core dumped: /var/cores/core.sh.0.1602153496
| Memory fault(coredump)

The crash was in trying to decide whether the name was suitable for
autoloading as a function on $FPATH. This calls strmatch() to check
the name against a regex for valid function name. But the libast
regex code is not designed optimally and uses too much recursion,
limiting the length of the strings it's able to cope with.

src/cmd/ksh93/sh/path.c: path_search():
- Before calling strmatch(), check that the name is shorter than
  256 bytes. The maximum length of file names on Linux and macOS is
  255 bytes, so an autoload function can't have a name longer than
  that anyway.

src/cmd/ksh93/tests/path.sh:
- Add test for this bug.
- Tweak 'command -x' test to not leave a hanging process on Ctrl+C.

Fixes: https://github.com/ksh93/ksh/issues/144
This commit is contained in:
Martijn Dekker 2021-02-04 04:34:01 +00:00
parent 32cff97b24
commit 6f3b23e6f4
2 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/cmd/ksh93/sh/path.c
View file

@ -720,7 +720,7 @@ int path_search(Shell_t *shp,register const char *name,Pathcomp_t **oldpp, int f
{
if(!pp)
pp=sh_isstate(SH_DEFPATH)?shp->defpathlist:shp->pathlist;
if(pp && strmatch(name,e_alphanum) && (fno=path_opentype(shp,name,pp,1))>=0)
if(pp && strlen(name)<256 && strmatch(name,e_alphanum) && (fno=path_opentype(shp,name,pp,1))>=0)
{
if(flag >= 2)
{

10
src/cmd/ksh93/tests/path.sh
View file

@ -526,6 +526,7 @@ fi
# 'command -x' used to hang in an endless E2BIG loop on Linux and macOS
ofile=$tmp/command_x_chunks.sh
trap 'sleep_pid=; while kill -9 $pid; do :; done 2>/dev/null; err_exit "'\''command -x'\'' hung"' TERM
trap 'kill $sleep_pid; while kill -9 $pid; do :; done 2>/dev/null; trap - INT; kill -s INT $$"' INT
{ sleep 15; kill $$; } &
sleep_pid=$!
(
@ -554,7 +555,7 @@ sleep_pid=$!
pid=$!
wait $pid
e=$?
trap - TERM
trap - TERM INT
[[ $sleep_pid ]] && kill $sleep_pid
if let "e > 0"
then err_exit "'command -x' test yielded exit status $e$( let "e>128" && print -n / && kill -l "$e")"
@ -677,6 +678,13 @@ then fundir=$tmp/whencefun
$'-- diff follows:\n'"$(diff -u <(print -r -- "$expect") <(print -r -- "$actual") | sed $'s/^/\t| /')"
fi
# ======
# Very long nonexistent command names used to crash
# https://github.com/ksh93/ksh/issues/144
{ PATH=/dev/null FPATH=/dev/null "$SHELL" -c "$(awk -v ORS= 'BEGIN { for(i=0;i<10000;i++) print "xxxxxxxxxx"; }')"; } 2>/dev/null
(((e = $?) == 127)) || err_exit "Long nonexistent command name crashes shell" \
"(exit status $e$( ((e>128)) && print -n / && kill -l "$e"))"
# ======
exit $((Errors<125?Errors:125))