Fix crash due to double free() when sourcing multiple files

There is a bug in sh_eval() that may cause ksh to crash due to a double free() after sourcing multiple files with '.' or 'source' if a longjmp is triggered, e.g. by a syntax error. This applies a fix from Siteshwar Vashist: https://www.mail-archive.com/ast-developers@lists.research.att.com/msg01943.html src/cmd/ksh93/sh/xec.c: sh_eval(): - Zero file descriptor io_save after closing it. This prevents a double free() after returning from a longjmp. src/cmd/ksh93/tests/basic.sh: - Add reproducer as regression test.
2025-03-09 15:50:02 +00:00 · 2020-07-09 15:09:52 +01:00 · 2020-07-09 15:09:52 +01:00 · a8f6d6b842
commit a8f6d6b842
parent ae92cd897e
4 changed files with 38 additions and 1 deletions
--- a/src/cmd/ksh93/tests/basic.sh
+++ b/src/cmd/ksh93/tests/basic.sh
@ -524,4 +524,33 @@ $SHELL -xc '$(LD_LIBRARY_PATH=$LD_LIBRARY_PATH exec $SHELL -c :)' > /dev/null 2>

 $SHELL 2> /dev/null -c $'for i;\ndo :;done' || err_exit 'for i ; <newline> not vaid'

+# ======
+# Crash on syntax error when dotting/sourcing multiple files
+# Ref.: https://www.mail-archive.com/ast-developers@lists.research.att.com/msg01943.html
+(
+	mkdir "$tmp/dotcrash" || exit
+	cd "$tmp/dotcrash" || exit
+	cat >functions.ksh <<-EOF
+		function f1
+		{
+			echo "f1"
+		}
+		function f2
+		{
+			if	[[ $1 -eq 1 ]]:  # deliberate syntax error
+			then	echo "f2"
+			fi
+		}
+	EOF
+	cat >sub1.ksh <<-EOF
+		. ./functions.ksh
+		echo "sub1" >tmp.out
+	EOF
+	cat >main.ksh <<-EOF
+		. ./sub1.ksh
+	EOF
+	"$SHELL" main.ksh 2>/dev/null
+) || err_exit "crash when sourcing multiple files (exit status $?)"
+
+# ======
 exit $((Errors<125?Errors:125))