mirror of git://git.code.sf.net/p/cdesktopenv/code synced 2025-02-13 11:42:21 +00:00

Fix two crashes related to kshdb (#82)

This commit fixes two different crashes related to kshdb:
- When redirect is given an invalid file descriptor, a segfault
  no longer occurs. Reproducer:
  $ ksh -c 'redirect 9>&200000000000'

- Fix a crash due to free(3) being used on an invalid pointer.
  This can be reproduced with kshdb (commands from att/ast#582):
  $ git clone https://github.com/rocky/kshdb.git
  $ cd kshdb
  $ ksh autogen.sh
  $ echo "print hi there" > $HOME/.kshdbrc
  $ ./kshdb -L . test/example/dbg-test1.sh

src/cmd/ksh93/bltins/misc.c: b_dot_cmd():
- The string pointed to by shp->st.filename must be able to be
  freed from memory with free(3), so duplicate the string with
  strdup(3).

src/cmd/ksh93/sh/io.c: sh_redirect():
- Show an error message when a file descriptor is invalid to
  fix a memory fault.
Johnothan King 2020-07-19 15:42:12 -07:00 committed by GitHub
parent 36f55f1f85
commit bd88cc7f4f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 14 additions and 3 deletions

7
NEWS

@ -3,6 +3,13 @@ For full details, see the git log at: https://github.com/ksh93/ksh
Any uppercase BUG_* names are modernish shell bug IDs.
2020-07-19:
- Fixed a crash that occured in the '.' command when using kshdb.
- Fixed a crash that occured when attempting to use redirection with an
invalid file descriptor.
2020-07-16:
- The 'history' and 'r' default aliases have been made regular built-ins,


@ -279,7 +279,7 @@ int b_dot_cmd(register int n,char *argv[],Shbltin_t *context)
shp->topscope = (Shscope_t*)shp->st.self;
prevscope->save_tree = shp->var_tree;
if(np)
shp->st.filename = np->nvalue.rp->fname;
shp->st.filename = np->nvalue.rp->fname ? strdup(np->nvalue.rp->fname) : 0;
nv_putval(SH_PATHNAMENOD, shp->st.filename ,NV_NOFREE);
shp->posix_fun = 0;
if(np || argv[1])
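Review bot: The `strdup()` result on the new `shp->st.filename = ...` line is not checked, so an allocation failure leaves `st.filename` null exactly as a missing `fname` does, and that null is passed straight to `nv_putval(SH_PATHNAMENOD, ...)` on the next line. The copy is also bound with `NV_NOFREE`, so the node presumably keeps pointing at this buffer; the free(3) the commit message refers to is outside the hunk, and it is worth confirming that the node is rebound before the copy is released and that the copy is released exactly once on every exit. I would document the ownership on the assignment, e.g. `/* owned copy: freed on exit from b_dot_cmd(), must not alias rp->fname */`, and spell the fallback `NULL` rather than `0`. `b_dot_cmd()` begins and ends outside the hunk.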


@ -17,4 +17,4 @@
* David Korn <dgk@research.att.com> *
* *
***********************************************************************/
#define SH_RELEASE "93u+m 2020-07-16"
#define SH_RELEASE "93u+m 2020-07-19"


@ -1194,7 +1194,7 @@ int sh_redirect(Shell_t *shp,struct ionod *iop, int flag)
toclose = dupfd;
number++;
}
if(*number || dupfd > IOUFD)
if(*number || !sh_iovalidfd(shp,dupfd) || dupfd > IOUFD)
{
message = e_file;
goto fail;
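Review bot: In the new condition `if(*number || !sh_iovalidfd(shp,dupfd) || dupfd > IOUFD)`, the validity test only sees `dupfd` after the digits have been converted, and that conversion is outside this hunk. If it narrows a wider parse result to `int`, an out-of-range number could wrap to a small non-negative value and be accepted as an ordinary descriptor instead of reaching `e_file`; the reproducer in the commit message is presumably rejected only because it wraps to a negative value. I would range-check where the number is converted, and put the constant bound first, `if(*number || dupfd > IOUFD || !sh_iovalidfd(shp,dupfd))`, so the helper is never called for a value that will be rejected anyway. `sh_redirect()` begins and ends outside the hunk.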


@ -563,5 +563,9 @@ result=$("$SHELL" -ic 'echo >(true) >/dev/null' 2>&1)
"$SHELL" -c 'read -u-2000000' 2> /dev/null
[[ $? == 1 ]] || err_exit "Negative file descriptors cause 'read -u' to crash"
# An out of range fd shouldn't segfault with redirections
"$SHELL" -c 'true 9>&20000000000000000000' 2> /dev/null
[[ $? == 1 ]] || err_exit "Out of range file descriptors cause redirections to segfault"
# ======
exit $((Errors<125?Errors:125))
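Review bot: The added regression test covers only `9>&20000000000000000000`, a value that overflows a 64-bit integer, and it runs `true` rather than the `redirect` built-in named in the commit message. Adding the commit's own reproducer, `"$SHELL" -c 'redirect 9>&200000000000' 2> /dev/null` followed by the same `[[ $? == 1 ]] || err_exit ...` check, would pin the case that was actually reported. A third case with a descriptor number that fits in an `int` but is above the open-file limit would cover the path where the value survives conversion and only `sh_iovalidfd()` can reject it.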