external/cde
1
0
Fork 0
mirror of git://git.code.sf.net/p/cdesktopenv/code synced 2025-03-09 15:50:02 +00:00
Code Issues Releases Wiki Activity

Fix crash due to double free() when sourcing multiple files

Browse source 
There is a bug in sh_eval() that may cause ksh to crash due to a
double free() after sourcing multiple files with '.' or 'source'
if a longjmp is triggered, e.g. by a syntax error.

This applies a fix from Siteshwar Vashist:
https://www.mail-archive.com/ast-developers@lists.research.att.com/msg01943.html

src/cmd/ksh93/sh/xec.c: sh_eval():
- Zero file descriptor io_save after closing it. This prevents a
  double free() after returning from a longjmp.

src/cmd/ksh93/tests/basic.sh:
- Add reproducer as regression test.
This commit is contained in:
Martijn Dekker 2020-07-09 15:09:52 +01:00
parent ae92cd897e
commit a8f6d6b842
4 changed files with 38 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
NEWS
View file

@ -3,6 +3,10 @@ For full details, see the git log at: https://github.com/ksh93/ksh
Any uppercase BUG_* names are modernish shell bug IDs. Any uppercase BUG_* names are modernish shell bug IDs.
2020-07-09:
- Fixed a crash on syntax error when sourcing/dotting multiple files.
2020-07-07: 2020-07-07:
- Four of the date formats accepted by 'printf %()T' have had their - Four of the date formats accepted by 'printf %()T' have had their

2
src/cmd/ksh93/include/version.h
View file

@ -17,4 +17,4 @@
* David Korn <dgk@research.att.com> * * David Korn <dgk@research.att.com> *
* * * *
***********************************************************************/ ***********************************************************************/
#define SH_RELEASE "93u+m 2020-07-07" #define SH_RELEASE "93u+m 2020-07-09"

4
src/cmd/ksh93/sh/xec.c
View file

@ -624,7 +624,11 @@ int sh_eval(register Sfio_t *iop, int mode)
if(lineno) if(lineno)
shp->inlineno = lineno; shp->inlineno = lineno;
if(io_save) if(io_save)
{
sfclose(io_save); sfclose(io_save);
io_save = 0;
}
sh_freeup(shp); sh_freeup(shp);
shp->st.staklist = saveslp; shp->st.staklist = saveslp;
shp->fn_reset = 0; shp->fn_reset = 0;

29
src/cmd/ksh93/tests/basic.sh
View file

@ -524,4 +524,33 @@ $SHELL -xc '$(LD_LIBRARY_PATH=$LD_LIBRARY_PATH exec $SHELL -c :)' > /dev/null 2>
$SHELL 2> /dev/null -c $'for i;\ndo :;done' || err_exit 'for i ; <newline> not vaid' $SHELL 2> /dev/null -c $'for i;\ndo :;done' || err_exit 'for i ; <newline> not vaid'
# ======
# Crash on syntax error when dotting/sourcing multiple files
# Ref.: https://www.mail-archive.com/ast-developers@lists.research.att.com/msg01943.html
(
mkdir "$tmp/dotcrash" || exit
cd "$tmp/dotcrash" || exit
cat >functions.ksh <<-EOF
function f1
{
echo "f1"
}
function f2
{
if [[ $1 -eq 1 ]]: # deliberate syntax error
then echo "f2"
fi
}
EOF
cat >sub1.ksh <<-EOF
. ./functions.ksh
echo "sub1" >tmp.out
EOF
cat >main.ksh <<-EOF
. ./sub1.ksh
EOF
"$SHELL" main.ksh 2>/dev/null
) || err_exit "crash when sourcing multiple files (exit status $?)"
# ======
exit $((Errors<125?Errors:125)) exit $((Errors<125?Errors:125))