fix access-after-free crash spotted by Enjolras via IRC, thanks!
This commit is contained in:
tg
parent
a375a7b2b6
commit
e4c01375aa
6
check.t
6
check.t
@ -1,4 +1,4 @@
|
||||
# $MirOS: src/bin/mksh/check.t,v 1.653 2014/06/24 20:47:42 tg Exp $
|
||||
# $MirOS: src/bin/mksh/check.t,v 1.654 2014/06/29 11:28:26 tg Exp $
|
||||
# OpenBSD src/regress/bin/ksh updated: 2013/12/02 20:39:44
|
||||
#-
|
||||
# Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
|
||||
@ -27,7 +27,7 @@
|
||||
# http://www.freebsd.org/cgi/cvsweb.cgi/src/tools/regression/bin/test/regress.sh?rev=HEAD
|
||||
|
||||
expected-stdout:
|
||||
@(#)MIRBSD KSH R50 2014/06/24
|
||||
@(#)MIRBSD KSH R50 2014/06/29
|
||||
description:
|
||||
Check version of shell.
|
||||
stdin:
|
||||
@ -36,7 +36,7 @@ name: KSH_VERSION
|
||||
category: shell:legacy-no
|
||||
---
|
||||
expected-stdout:
|
||||
@(#)LEGACY KSH R50 2014/06/24
|
||||
@(#)LEGACY KSH R50 2014/06/29
|
||||
description:
|
||||
Check version of legacy shell.
|
||||
stdin:
|
||||
|
||||
13
lex.c
13
lex.c
@ -23,7 +23,7 @@
|
||||
|
||||
#include "sh.h"
|
||||
|
||||
__RCSID("$MirOS: src/bin/mksh/lex.c,v 1.192 2014/01/11 18:09:40 tg Exp $");
|
||||
__RCSID("$MirOS: src/bin/mksh/lex.c,v 1.193 2014/06/29 11:28:28 tg Exp $");
|
||||
|
||||
/*
|
||||
* states while lexing word
|
||||
@ -159,9 +159,10 @@ getsc_r(int c)
|
||||
state = statep->type; \
|
||||
} while (/* CONSTCOND */ 0)
|
||||
|
||||
#define PUSH_SRETRACE() do { \
|
||||
#define PUSH_SRETRACE(s) do { \
|
||||
struct sretrace_info *ri; \
|
||||
\
|
||||
PUSH_STATE(s); \
|
||||
statep->ls_start = Xsavepos(ws, wp); \
|
||||
ri = alloc(sizeof(struct sretrace_info), ATEMP); \
|
||||
Xinit(ri->xs, ri->xp, 64, ATEMP); \
|
||||
@ -176,6 +177,7 @@ getsc_r(int c)
|
||||
dp = (void *)retrace_info; \
|
||||
retrace_info = retrace_info->next; \
|
||||
afree(dp, ATEMP); \
|
||||
POP_STATE(); \
|
||||
} while (/* CONSTCOND */ 0)
|
||||
|
||||
/**
|
||||
@ -404,9 +406,8 @@ yylex(int cf)
|
||||
c = getsc();
|
||||
if (c == '(') /*)*/ {
|
||||
*wp++ = EXPRSUB;
|
||||
PUSH_STATE(SASPAREN);
|
||||
PUSH_SRETRACE(SASPAREN);
|
||||
statep->nparen = 2;
|
||||
PUSH_SRETRACE();
|
||||
*retrace_info->xp++ = '(';
|
||||
} else {
|
||||
ungetsc(c);
|
||||
@ -650,7 +651,6 @@ yylex(int cf)
|
||||
if (statep->nparen == 1) {
|
||||
/* end of EXPRSUB */
|
||||
POP_SRETRACE();
|
||||
POP_STATE();
|
||||
|
||||
if ((c2 = getsc()) == /*(*/ ')') {
|
||||
cz = strlen(sp) - 2;
|
||||
@ -833,8 +833,7 @@ yylex(int cf)
|
||||
} else if (c2 == '"') {
|
||||
/* FALLTHROUGH */
|
||||
case '"':
|
||||
state = statep->type = SHEREDQUOTE;
|
||||
PUSH_SRETRACE();
|
||||
PUSH_SRETRACE(SHEREDQUOTE);
|
||||
break;
|
||||
}
|
||||
ungetsc(c2);
|
||||
|
||||
4
sh.h
4
sh.h
@ -169,9 +169,9 @@
|
||||
#endif
|
||||
|
||||
#ifdef EXTERN
|
||||
__RCSID("$MirOS: src/bin/mksh/sh.h,v 1.690 2014/06/24 20:47:47 tg Exp $");
|
||||
__RCSID("$MirOS: src/bin/mksh/sh.h,v 1.691 2014/06/29 11:28:28 tg Exp $");
|
||||
#endif
|
||||
#define MKSH_VERSION "R50 2014/06/24"
|
||||
#define MKSH_VERSION "R50 2014/06/29"
|
||||
|
||||
/* arithmetic types: C implementation */
|
||||
#if !HAVE_CAN_INTTYPES
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user