fix access-after-free crash spotted by Enjolras via IRC, thanks!

tg
2014-06-29 11:28:28 +00:00
parent a375a7b2b6
commit e4c01375aa
3 changed files with 11 additions and 12 deletions


@ -1,4 +1,4 @@
# $MirOS: src/bin/mksh/check.t,v 1.653 2014/06/24 20:47:42 tg Exp $ # $MirOS: src/bin/mksh/check.t,v 1.654 2014/06/29 11:28:26 tg Exp $
# OpenBSD src/regress/bin/ksh updated: 2013/12/02 20:39:44 # OpenBSD src/regress/bin/ksh updated: 2013/12/02 20:39:44
#- #-
# Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, # Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
@ -27,7 +27,7 @@
# http://www.freebsd.org/cgi/cvsweb.cgi/src/tools/regression/bin/test/regress.sh?rev=HEAD # http://www.freebsd.org/cgi/cvsweb.cgi/src/tools/regression/bin/test/regress.sh?rev=HEAD
expected-stdout: expected-stdout:
@(#)MIRBSD KSH R50 2014/06/24 @(#)MIRBSD KSH R50 2014/06/29
description: description:
Check version of shell. Check version of shell.
stdin: stdin:
@ -36,7 +36,7 @@ name: KSH_VERSION
category: shell:legacy-no category: shell:legacy-no
--- ---
expected-stdout: expected-stdout:
@(#)LEGACY KSH R50 2014/06/24 @(#)LEGACY KSH R50 2014/06/29
description: description:
Check version of legacy shell. Check version of legacy shell.
stdin: stdin:

13
lex.c

@ -23,7 +23,7 @@
#include "sh.h" #include "sh.h"
__RCSID("$MirOS: src/bin/mksh/lex.c,v 1.192 2014/01/11 18:09:40 tg Exp $"); __RCSID("$MirOS: src/bin/mksh/lex.c,v 1.193 2014/06/29 11:28:28 tg Exp $");
/* /*
* states while lexing word * states while lexing word
@ -159,9 +159,10 @@ getsc_r(int c)
state = statep->type; \ state = statep->type; \
} while (/* CONSTCOND */ 0) } while (/* CONSTCOND */ 0)
#define PUSH_SRETRACE() do { \ #define PUSH_SRETRACE(s) do { \
struct sretrace_info *ri; \ struct sretrace_info *ri; \
\ \
PUSH_STATE(s); \
statep->ls_start = Xsavepos(ws, wp); \ statep->ls_start = Xsavepos(ws, wp); \
ri = alloc(sizeof(struct sretrace_info), ATEMP); \ ri = alloc(sizeof(struct sretrace_info), ATEMP); \
Xinit(ri->xs, ri->xp, 64, ATEMP); \ Xinit(ri->xs, ri->xp, 64, ATEMP); \
@ -176,6 +177,7 @@ getsc_r(int c)
dp = (void *)retrace_info; \ dp = (void *)retrace_info; \
retrace_info = retrace_info->next; \ retrace_info = retrace_info->next; \
afree(dp, ATEMP); \ afree(dp, ATEMP); \
POP_STATE(); \
} while (/* CONSTCOND */ 0) } while (/* CONSTCOND */ 0)
/** /**
@ -404,9 +406,8 @@ yylex(int cf)
c = getsc(); c = getsc();
if (c == '(') /*)*/ { if (c == '(') /*)*/ {
*wp++ = EXPRSUB; *wp++ = EXPRSUB;
PUSH_STATE(SASPAREN); PUSH_SRETRACE(SASPAREN);
statep->nparen = 2; statep->nparen = 2;
PUSH_SRETRACE();
*retrace_info->xp++ = '('; *retrace_info->xp++ = '(';
} else { } else {
ungetsc(c); ungetsc(c);
@ -650,7 +651,6 @@ yylex(int cf)
if (statep->nparen == 1) { if (statep->nparen == 1) {
/* end of EXPRSUB */ /* end of EXPRSUB */
POP_SRETRACE(); POP_SRETRACE();
POP_STATE();
if ((c2 = getsc()) == /*(*/ ')') { if ((c2 = getsc()) == /*(*/ ')') {
cz = strlen(sp) - 2; cz = strlen(sp) - 2;
@ -833,8 +833,7 @@ yylex(int cf)
} else if (c2 == '"') { } else if (c2 == '"') {
/* FALLTHROUGH */ /* FALLTHROUGH */
case '"': case '"':
state = statep->type = SHEREDQUOTE; PUSH_SRETRACE(SHEREDQUOTE);
PUSH_SRETRACE();
break; break;
} }
ungetsc(c2); ungetsc(c2);
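Review bot: PUSH_SRETRACE(s) and POP_SRETRACE() now push and pop a lexer state themselves, but nothing at the macro definitions records that contract. A call site that keeps its own PUSH_STATE/POP_STATE next to them would unbalance the state stack and leave statep pointing at a stale entry. I would add a comment above `#define PUSH_SRETRACE(s)` along the lines of `/* pushes state s and opens a retrace buffer; pair with exactly one POP_SRETRACE(), which frees the buffer and pops the state */`. Both macro bodies begin or end outside the visible hunks, so it cannot be checked here whether POP_SRETRACE() touches statep after POP_STATE(); in what is shown, POP_STATE() is the last statement. The check.t section of this commit changes only version strings, so the reported crash gets no regression case; a test feeding the triggering input would guard the fix.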

4
sh.h

@ -169,9 +169,9 @@
#endif #endif
#ifdef EXTERN #ifdef EXTERN
__RCSID("$MirOS: src/bin/mksh/sh.h,v 1.690 2014/06/24 20:47:47 tg Exp $"); __RCSID("$MirOS: src/bin/mksh/sh.h,v 1.691 2014/06/29 11:28:28 tg Exp $");
#endif #endif
#define MKSH_VERSION "R50 2014/06/24" #define MKSH_VERSION "R50 2014/06/29"
/* arithmetic types: C implementation */ /* arithmetic types: C implementation */
#if !HAVE_CAN_INTTYPES #if !HAVE_CAN_INTTYPES