fixup a bad OpenBSD reaction on a bug afl showed:
set source to NULL only if the memory backing source is actually reclaimed; fixes segfault due to NULL(+24) pointer dereference reported by Score_Under (simplified testcase added; thanks!)
This commit is contained in:
tg
parent
e52a2bb23f
commit
f26cf0562b
12
check.t
12
check.t
|
|
@ -1,4 +1,4 @@
|
|||
# $MirOS: src/bin/mksh/check.t,v 1.748 2016/08/01 21:37:59 tg Exp $
|
||||
# $MirOS: src/bin/mksh/check.t,v 1.749 2016/08/04 20:51:32 tg Exp $
|
||||
# -*- mode: sh -*-
|
||||
#-
|
||||
# Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
|
||||
|
|
@ -30,7 +30,7 @@
|
|||
# (2013/12/02 20:39:44) http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress/bin/ksh/?sortby=date
|
||||
|
||||
expected-stdout:
|
||||
@(#)MIRBSD KSH R53 2016/08/01
|
||||
@(#)MIRBSD KSH R53 2016/08/04
|
||||
description:
|
||||
Check version of shell.
|
||||
stdin:
|
||||
|
|
@ -39,7 +39,7 @@ name: KSH_VERSION
|
|||
category: shell:legacy-no
|
||||
---
|
||||
expected-stdout:
|
||||
@(#)LEGACY KSH R53 2016/08/01
|
||||
@(#)LEGACY KSH R53 2016/08/04
|
||||
description:
|
||||
Check version of legacy shell.
|
||||
stdin:
|
||||
|
|
@ -6417,6 +6417,12 @@ expected-stdout:
|
|||
ac_space=' '
|
||||
ac_newline=$'\n'
|
||||
---
|
||||
name: regression-67
|
||||
description:
|
||||
Check that we can both break and use source on the same line
|
||||
stdin:
|
||||
for s in s; do break; done; print -s s
|
||||
---
|
||||
name: readonly-0
|
||||
description:
|
||||
Ensure readonly is honoured for assignments and unset
|
||||
|
|
|
|||
17
main.c
17
main.c
|
|
@ -34,7 +34,7 @@
|
|||
#include <locale.h>
|
||||
#endif
|
||||
|
||||
__RCSID("$MirOS: src/bin/mksh/main.c,v 1.316 2016/08/04 20:32:14 tg Exp $");
|
||||
__RCSID("$MirOS: src/bin/mksh/main.c,v 1.317 2016/08/04 20:51:35 tg Exp $");
|
||||
|
||||
extern char **environ;
|
||||
|
||||
|
|
@ -913,13 +913,6 @@ unwind(int i)
|
|||
/* FALLTHROUGH */
|
||||
default:
|
||||
quitenv(NULL);
|
||||
/*
|
||||
* quitenv() may have reclaimed the memory
|
||||
* used by source which will end badly when
|
||||
* we jump to a function that expects it to
|
||||
* be valid
|
||||
*/
|
||||
source = NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -1090,6 +1083,14 @@ reclaim(void)
|
|||
|
||||
remove_temps(e->temps);
|
||||
e->temps = NULL;
|
||||
|
||||
/*
|
||||
* if the memory backing source is reclaimed, things
|
||||
* will end up badly when a function expecting it to
|
||||
* be valid is run; a NULL pointer is easily debugged
|
||||
*/
|
||||
if (source && source->areap == &e->area)
|
||||
source = NULL;
|
||||
afreeall(&e->area);
|
||||
}
|
||||
|
||||
|
|
|
|||
62
sh.h
62
sh.h
|
|
@ -175,9 +175,9 @@
|
|||
#endif
|
||||
|
||||
#ifdef EXTERN
|
||||
__RCSID("$MirOS: src/bin/mksh/sh.h,v 1.783 2016/08/01 21:38:05 tg Exp $");
|
||||
__RCSID("$MirOS: src/bin/mksh/sh.h,v 1.784 2016/08/04 20:51:35 tg Exp $");
|
||||
#endif
|
||||
#define MKSH_VERSION "R53 2016/08/01"
|
||||
#define MKSH_VERSION "R53 2016/08/04"
|
||||
|
||||
/* arithmetic types: C implementation */
|
||||
#if !HAVE_CAN_INTTYPES
|
||||
|
|
@ -1738,9 +1738,14 @@ struct ioword {
|
|||
#define X_EXTRA 20 /* this many extra bytes in X string */
|
||||
|
||||
typedef struct XString {
|
||||
char *end, *beg; /* end, begin of string */
|
||||
size_t len; /* length */
|
||||
Area *areap; /* area to allocate/free from */
|
||||
/* begin of string */
|
||||
char *beg;
|
||||
/* length of allocated area, minus safety margin */
|
||||
size_t len;
|
||||
/* end of string */
|
||||
char *end;
|
||||
/* memory area used */
|
||||
Area *areap;
|
||||
} XString;
|
||||
|
||||
typedef char *XStringP;
|
||||
|
|
@ -1826,24 +1831,39 @@ typedef struct {
|
|||
|
||||
typedef struct source Source;
|
||||
struct source {
|
||||
const char *str; /* input pointer */
|
||||
const char *start; /* start of current buffer */
|
||||
/* input buffer */
|
||||
XString xs;
|
||||
/* memory area, also checked in reclaim() */
|
||||
Area *areap;
|
||||
/* stacked source */
|
||||
Source *next;
|
||||
/* input pointer */
|
||||
const char *str;
|
||||
/* start of current buffer */
|
||||
const char *start;
|
||||
/* input file name */
|
||||
const char *file;
|
||||
/* extra data */
|
||||
union {
|
||||
const char **strv; /* string [] */
|
||||
struct shf *shf; /* shell file */
|
||||
struct tbl *tblp; /* alias (SF_HASALIAS) */
|
||||
char *freeme; /* also for SREREAD */
|
||||
/* string[] */
|
||||
const char **strv;
|
||||
/* shell file */
|
||||
struct shf *shf;
|
||||
/* alias (SF_HASALIAS) */
|
||||
struct tbl *tblp;
|
||||
/* (also for SREREAD) */
|
||||
char *freeme;
|
||||
} u;
|
||||
const char *file; /* input file name */
|
||||
int type; /* input type */
|
||||
int line; /* line number */
|
||||
int errline; /* line the error occurred on (0 if not set) */
|
||||
int flags; /* SF_* */
|
||||
Area *areap;
|
||||
Source *next; /* stacked source */
|
||||
XString xs; /* input buffer */
|
||||
char ugbuf[2]; /* buffer for ungetsc() (SREREAD) and
|
||||
* alias (SALIAS) */
|
||||
/* flags */
|
||||
int flags;
|
||||
/* input type */
|
||||
int type;
|
||||
/* line number */
|
||||
int line;
|
||||
/* line the error occurred on (0 if not set) */
|
||||
int errline;
|
||||
/* buffer for ungetsc() (SREREAD) and alias (SALIAS) */
|
||||
char ugbuf[2];
|
||||
};
|
||||
|
||||
/* Source.type values */
|
||||
|
|
|
|||
Loading…
Reference in New Issue