JehanneOS/mksh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fixup a bad OpenBSD reaction on a bug afl showed:

Browse Source 
set source to NULL only if the memory backing source is actually reclaimed;
fixes segfault due to NULL(+24) pointer dereference reported by Score_Under
(simplified testcase added; thanks!)
This commit is contained in:
tg 2016-08-04 20:51:35 +00:00
parent e52a2bb23f
commit f26cf0562b
3 changed files with 59 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
check.t
View File

@ -1,4 +1,4 @@
# $MirOS: src/bin/mksh/check.t,v 1.748 2016/08/01 21:37:59 tg Exp $ # $MirOS: src/bin/mksh/check.t,v 1.749 2016/08/04 20:51:32 tg Exp $
# -*- mode: sh -*- # -*- mode: sh -*-
#- #-
# Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, # Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
@ -30,7 +30,7 @@
# (2013/12/02 20:39:44) http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress/bin/ksh/?sortby=date # (2013/12/02 20:39:44) http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress/bin/ksh/?sortby=date
expected-stdout: expected-stdout:
@(#)MIRBSD KSH R53 2016/08/01 @(#)MIRBSD KSH R53 2016/08/04
description: description:
Check version of shell. Check version of shell.
stdin: stdin:
@ -39,7 +39,7 @@ name: KSH_VERSION
category: shell:legacy-no category: shell:legacy-no
--- ---
expected-stdout: expected-stdout:
@(#)LEGACY KSH R53 2016/08/01 @(#)LEGACY KSH R53 2016/08/04
description: description:
Check version of legacy shell. Check version of legacy shell.
stdin: stdin:
@ -6417,6 +6417,12 @@ expected-stdout:
ac_space=' ' ac_space=' '
ac_newline=$'\n' ac_newline=$'\n'
--- ---
name: regression-67
description:
Check that we can both break and use source on the same line
stdin:
for s in s; do break; done; print -s s
---
name: readonly-0 name: readonly-0
description: description:
Ensure readonly is honoured for assignments and unset Ensure readonly is honoured for assignments and unset

17
main.c
View File

@ -34,7 +34,7 @@
#include <locale.h> #include <locale.h>
#endif #endif
__RCSID("$MirOS: src/bin/mksh/main.c,v 1.316 2016/08/04 20:32:14 tg Exp $"); __RCSID("$MirOS: src/bin/mksh/main.c,v 1.317 2016/08/04 20:51:35 tg Exp $");
extern char **environ; extern char **environ;
@ -913,13 +913,6 @@ unwind(int i)
/* FALLTHROUGH */ /* FALLTHROUGH */
default: default:
quitenv(NULL); quitenv(NULL);
/*
* quitenv() may have reclaimed the memory
* used by source which will end badly when
* we jump to a function that expects it to
* be valid
*/
source = NULL;
} }
} }
} }
@ -1090,6 +1083,14 @@ reclaim(void)
remove_temps(e->temps); remove_temps(e->temps);
e->temps = NULL; e->temps = NULL;
/*
* if the memory backing source is reclaimed, things
* will end up badly when a function expecting it to
* be valid is run; a NULL pointer is easily debugged
*/
if (source && source->areap == &e->area)
source = NULL;
afreeall(&e->area); afreeall(&e->area);
} }

64
sh.h
View File

@ -175,9 +175,9 @@
#endif #endif
#ifdef EXTERN #ifdef EXTERN
__RCSID("$MirOS: src/bin/mksh/sh.h,v 1.783 2016/08/01 21:38:05 tg Exp $"); __RCSID("$MirOS: src/bin/mksh/sh.h,v 1.784 2016/08/04 20:51:35 tg Exp $");
#endif #endif
#define MKSH_VERSION "R53 2016/08/01" #define MKSH_VERSION "R53 2016/08/04"
/* arithmetic types: C implementation */ /* arithmetic types: C implementation */
#if !HAVE_CAN_INTTYPES #if !HAVE_CAN_INTTYPES
@ -1738,9 +1738,14 @@ struct ioword {
#define X_EXTRA 20 /* this many extra bytes in X string */ #define X_EXTRA 20 /* this many extra bytes in X string */
typedef struct XString { typedef struct XString {
char *end, *beg; /* end, begin of string */ /* begin of string */
size_t len; /* length */ char *beg;
Area *areap; /* area to allocate/free from */ /* length of allocated area, minus safety margin */
size_t len;
/* end of string */
char *end;
/* memory area used */
Area *areap;
} XString; } XString;
typedef char *XStringP; typedef char *XStringP;
@ -1826,24 +1831,39 @@ typedef struct {
typedef struct source Source; typedef struct source Source;
struct source { struct source {
const char *str; /* input pointer */ /* input buffer */
const char *start; /* start of current buffer */ XString xs;
union { /* memory area, also checked in reclaim() */
const char **strv; /* string [] */
struct shf *shf; /* shell file */
struct tbl *tblp; /* alias (SF_HASALIAS) */
char *freeme; /* also for SREREAD */
} u;
const char *file; /* input file name */
int type; /* input type */
int line; /* line number */
int errline; /* line the error occurred on (0 if not set) */
int flags; /* SF_* */
Area *areap; Area *areap;
Source *next; /* stacked source */ /* stacked source */
XString xs; /* input buffer */ Source *next;
char ugbuf[2]; /* buffer for ungetsc() (SREREAD) and /* input pointer */
* alias (SALIAS) */ const char *str;
/* start of current buffer */
const char *start;
/* input file name */
const char *file;
/* extra data */
union {
/* string[] */
const char **strv;
/* shell file */
struct shf *shf;
/* alias (SF_HASALIAS) */
struct tbl *tblp;
/* (also for SREREAD) */
char *freeme;
} u;
/* flags */
int flags;
/* input type */
int type;
/* line number */
int line;
/* line the error occurred on (0 if not set) */
int errline;
/* buffer for ungetsc() (SREREAD) and alias (SALIAS) */
char ugbuf[2];
}; };
/* Source.type values */ /* Source.type values */