From ad9ea0ba7d42b44a6430cfa8bb940db19f3e621b Mon Sep 17 00:00:00 2001
From: Martijn Dekker
Date: Fri, 8 Jan 2021 11:56:04 +0000
Subject: [PATCH] Fix off-by-one in nv_mktype() (Solaris patch 210-Bug15993811) This change is pulled from here: https://github.com/oracle/solaris-userland/blob/master/components/ksh93/patches/210-Bug15993811.patch Unfortunately there is no publicly available documentation on why this change was needed. We just have to assume the Solaris people knew what they were doing. ksh2020 upstreamed this too (as well as all the other Solaris patches applied here).
---
 src/cmd/ksh93/sh/nvtype.c | 2 --
 1 file changed, 2 deletions(-)
diff --git a/src/cmd/ksh93/sh/nvtype.c b/src/cmd/ksh93/sh/nvtype.c
index 52e3ec986..040730c7f 100644
--- a/src/cmd/ksh93/sh/nvtype.c
+++ b/src/cmd/ksh93/sh/nvtype.c
@@ -904,8 +904,6 @@ Namval_t *nv_mktype(Namval_t **nodes, int numnodes)
 }
 offset = roundof(offset,sizeof(char*));
 nv_setsize(mp,offset);
- if(nd)
- nd++;
 k = roundof(sizeof(Namtype_t),sizeof(Sfdouble_t)) - sizeof(Namtype_t);
 pp = newof(NiL, Namtype_t, 1, nnodes*NV_MINSZ + offset + size + (nnodes+nd)*sizeof(char*) + iref*sizeof(struct Namref)+k);
 pp->fun.dsize = sizeof(Namtype_t)+nnodes*NV_MINSZ +offset+k;