Fix crash on subshell exit if PWD is inaccessible (re: dd9bc229)

This commit also further mitigates the problems with restoring an inaccessible or nonexistent PWD on exiting a virtual subshell. Harald van Dijk writes: > On a build of ksh with -fsanitize=undefined to help diagnose > problems: > > $ mkdir deleted > $ cd deleted > $ rmdir ../deleted > $ ksh -c '(cd /; (cd /)); :' > /home/harald/ksh/src/cmd/ksh93/sh/subshell.c:561:22: runtime > error: null pointer passed as argument 1, which is declared to > never be null > Segmentation fault (core dumped) > > Note that it segfaults the same with default compilation flags, > but it does not print out the useful extra message. The code > assumes that pwd is non-null and passes it to strcmp without > checking, but it will be null if the current directory cannot be > determined, for instance because it has been deleted. src/cmd/ksh93/sh/subshell.c: sh_subshell(): - Avoid the null pointer dereference reported above. src/cmd/ksh93/bltins/cd_pwd.c: b_cd(): - Fork a virtual subshell even on systems with fchdir(2) if the present working directory tests as inaccessible on invoking 'cd'; it may no longer exist and fchdir would fail to get a handle. (For the test we have to opendir(3) the full path to the PWD and not ".", as the latter may succeed even if the PWD is gone.) src/cmd/ksh93/data/builtins.c: - Update 'cd' version string. Fixes: https://github.com/ksh93/ksh/issues/153 Related: https://github.com/ksh93/ksh/issues/141
2025-03-09 15:50:02 +00:00 · 2021-01-19 18:47:41 +00:00 · 2021-01-19 18:47:41 +00:00 · 7bab9508aa
commit 7bab9508aa
parent 82847bba3f
6 changed files with 30 additions and 6 deletions
--- a/src/cmd/ksh93/bltins/cd_pwd.c
+++ b/src/cmd/ksh93/bltins/cd_pwd.c
@ -37,6 +37,7 @@
 #include	"name.h"
 #include	"builtins.h"
 #include	<ls.h>
+#include	<ast_dir.h>

 /*
 * Invalidate path name bindings to relative paths
@ -91,14 +92,20 @@ int	b_cd(int argc, char *argv[],Shbltin_t *context)
 		dir = nv_getval(opwdnod);
 	if(!dir || *dir==0)
 		errormsg(SH_DICT,ERROR_exit(1),argc==2?e_subst+4:e_direct);
-#if !_lib_fchdir
 	/*
 	 * If sh_subshell() in subshell.c cannot use fchdir(2) to restore the PWD using a saved file descriptor,
 	 * we must fork any virtual subshell now to avoid the possibility of ending up in the wrong PWD on exit.
 	 */
 	if(shp->subshell && !shp->subshare)
-		sh_subfork();
-#endif /* !lib_fchdir */
+	{
+#if _lib_fchdir
+		DIR *testdir;
+		if(testdir = opendir(nv_getval(pwdnod)))
+			closedir(testdir);
+		else
+#endif
+			sh_subfork();
+	}
 	/*
 	 * Do $CDPATH processing, except if the path is absolute or the first component is '.' or '..'
 	 */