Commit Graph

149 Commits

Author SHA1 Message Date
tg
edf76ec8e6 harden the crlf vs lf tests even more; use binary mode explicitly on OS/2 2015-07-09 20:52:43 +00:00
tg
2e4cd72899 make certain actions flush the history buffer 2015-07-05 19:53:46 +00:00
tg
e0196f47d5 implement completely new multiline code by delaying history store
this commit is valgrind-tested
2015-07-05 19:37:18 +00:00
tg
0d5b514e63 now removes *all* trailing newlines (by reusing histsave result, saves code),
plus plugs an ancient memory leak (hist_execute afree’s its arg now);
also partial revert of commitid 78014291f06497b3 as COMPLEX_HISTORY handles
multi-line commands correctly now (r1.4, 2005-05-23)
2015-07-05 17:04:26 +00:00
tg
757d857319 greatly simplify hist_execute (useless to cut a string in twain, then
restore the very same string), except now, the one trailing newline
is not removed (except in histsave)
2015-07-05 16:48:28 +00:00
tg
b87215bbaf when storing commands with embedded newlines, don’t take those as end of string
(inspired fix from Debian #783978; bug in original pdksh COMPLEX_HISTORY code)
2015-07-05 16:47:28 +00:00
tg
93ccb42114 overhaul the signal handling:
• support NSIG_MAX from http://austingroupbugs.net/view.php?id=741
  and make a TODO for later to use sysconf(_SC_NSIG) at runtime
• bounds-check signals (e.g. no smaller than 1, but smaller than NSIG)
• align trap errorlevel with other shells
• make trap match what’s in POSIX and fixup the manpage
• refactor some code related to signals
• hide from kill builtin both EXIT and ERR pseudo-signals
2015-04-29 20:44:37 +00:00
tg
3eb806b72b inline only user of ksh_min, make it more cool; drop ksh_min, ksh_max;
move ksh_isdigit etc. to ksh_isalpha etc. definitions
2015-04-29 19:11:57 +00:00
tg
65f9b93926 ordinarily, lineno must be mksh_uari_t, but edit.c most of all isn’t ready,
so we mitigate a bit (in var.c mostly) and tweak another type already, and
add some checks (mksh_{,u}ari_t must fit into {,unsigned }long) and print
line numbers with %lu already
2015-04-19 18:50:38 +00:00
tg
be147e3426 SECURITY: make “unset HISTFILE” really work
additionally, make “HISTFILE=” the same, document the truncation and
re-reading process’ further and already-known bugs; this needs work
2015-03-07 20:46:31 +00:00
tg
b94b2e363a stop (ab)using the OS symbolic constant EOF, always use -1; plus misc fixes 2015-02-06 10:09:07 +00:00
tg
d5bdd0e364 fixup mergo from cid 10054762AC33B0CB0D0 2015-01-22 16:54:29 +00:00
tg
41144d022b oksh RCSID sync (nop because we are portable and thus still require <sys/file.h>) 2014-11-26 19:32:12 +00:00
tg
2f52b993a1 • Build.sh: fix NSIG detection for gcc-snapshot
• all: bump version to R50-current; add more comments; whitespace
• all: remove all mkssert(); we’ll do full re-runs of scan-build and,
  hopefully, Coverity Scan/Prevent
• check.t: fix a testcase (sed could exit false, but we don’t care)
• eval.c: fix tilde_ok data type (only unsigned may shl constantly)
• exec.c: fix shebang buf array accesses to always go via uint8_t *
2014-11-25 21:13:31 +00:00
tg
d25612b4b0 stop using ptrdiff_t 2014-11-25 20:00:39 +00:00
tg
7330970bfa fix some of the signal stuff (still didn’t get rid of awk(1) and printf(1)
calls in Build.sh, we need HOSTCC for that… which we should do, using BER
or something encoded for integers, and pregenerated hashtables as planned)

also, bump to R50 beta, due to today’s language changes
2014-06-09 13:25:53 +00:00
tg
f920d94785 add O_BINARY to all open() calls except tty_fd
cf. http://svn.netlabs.org/libc/wiki/Faq#Whydoesntreadfdbufsize_of_filereturnsize_of_file
2013-10-09 11:59:30 +00:00
tg
7f16464902 slightly optimised and, more importantly, much more consistent (use only
one set of CTRL, UNCTRL, and new ISCTRL macros) C0 and DEL handling; the
optimisation only works for 7-bit ASCII, so those places 8-bit must pass
intact have an added check

also, while here, remove an editor oops (‘;’), oksh rcsid sync (they did
accept I was right wrt. set -e), int → bool, and code merge/cleanup
2013-09-24 20:19:45 +00:00
tg
b2396677e7 harmonise sys_{sig,err}list ⓐ checks, ⓑ uses, ⓒ _decl values when not needed, ⓓ prototypes; ⓔ “const” is a keyword and thus space-separated from the preceding ‘*’ pointer indicator 2012-12-28 02:28:39 +00:00
tg
12c662b6e2 thanks to ISC (Interactive) Unix, we now know a few samples of errnos
that get used, plus one for the realpath-1 regression test; also make
sys_siglist_decl detection nicer and poison strerror() with non-const
return value ifdef DEBUG, make it always const
2012-12-17 23:18:11 +00:00
tg
cf807eb83a Add assertions and shuffle code around for LLVM+Clang scan-build. 2012-12-04 01:18:34 +00:00
tg
80e364b7ad use proper parenthesēs; int → bool; use same var (eno) for temp. errno 2012-11-30 19:02:10 +00:00
tg
31f24a4040 add some bounds, for a subsequent commit:
• all writers of exstat ensure the value is in [0; 0xFF]
• all readers of exstat AND it with 0xFF (not strictly needed thus)
• trap_exstat is “safe”, i.e. always either -1 or [0; 0xFF]
2012-10-21 21:39:06 +00:00
tg
df81e96d67 Coverity 703490: better zero out sigact 2012-06-24 19:47:11 +00:00
tg
06f8194dfb Valgrind says: close(-1) is not nice 2012-05-05 18:04:20 +00:00
tg
5780bc5eb7 new MKSH_NO_CMDLINE_EDITING to disable command line editing in its entirety
mainly for the Plan 9 port though it may also help the WinAPI variant,
other porting efforts, as well as a new project I cannot say yet
2012-05-04 20:49:08 +00:00
tg
5eea59ad57 rewrite maketemp() obsoleting tempnam(3) and mkstemp(3) external deps 2012-04-14 16:07:48 +00:00
tg
981ad02dbe drop str{,n}casecmp, too 2012-04-06 13:29:01 +00:00
tg
dd5fbe82f3 hide persistent history stuff if not enabled 2012-04-01 03:23:08 +00:00
tg
cf75e7b6ce couple of minor/cosmetic fixes from RT’s compile farm:
• promote SCO OpenServer and UnixWare to !oswarn
• omit trying -O2/-O on OpenServer 5 and USL C
• cast mksh_ari_t to int, mksh_uari_t to unsigned int for printf
• skip ulimit-1 on syllable (which is still too broken)
• write ((mksh_ari_t)-2147483648) ipv UB ((mksh_ari_t)1 << 31)
  and add a comment that that is actually meant
• rewrite functions returning !void ending in NOTREACHED
  so they’ve got a jump target returning an error at the
  end, to aid older compilers and just to be safe
• cast struct stat.st_size to off_t or size_t explicitly when needed
• shorten struct env by two bytes and an alignment, at least

also, optimise control flow and fix more paren matching cases
2012-03-29 19:23:01 +00:00
tg
1f6ecff829 make this fail betterly 2012-03-28 23:07:47 +00:00
tg
95a2c63096 • implement fcntl(2)-based advisory locking as an alternative iff flock(2)
is not found, from a suggestion by RT (LP: #912691)
• try harder (in a loop) to acquire a file lock if the locking mechanism
  documents EINTR is a possibility (fcntl always, flock on Linux not .Ox)
• use -std=c99 not -std=gnu99 if it must be at all
2012-03-27 22:36:53 +00:00
tg
c8ee91f02d LLVM+clang scan-build found a dead store and I found an unneeded assert 2011-12-31 00:47:46 +00:00
tg
efaa268a88 plug the most atrocious offenders in the persistent history code
to address LP: #906914 (if your history file is corrupt or you
reach the end of HISTLINES, you’re still SOL)

quadruple the standard value for HISTSIZE to help users avoid it;
it’s much better to set it yourself if using persistent history
though; half it on MKSH_SMALL though which defaults to not use it
anyway

also fix handling of larger files a bit and limit the size until
which the files are considered (currently to 96 MiB) until such
time as mmap will no longer be employed to deal in them when the
offending code has been replaced by a rewrite…
2011-12-31 00:23:42 +00:00
tg
da9ce25524 put a bit of type safety into the history code 2011-12-30 21:00:32 +00:00
tg
38dcf950c9 • release flock after the lseek
• -1 not 0 is the safe “none” value for fds
2011-12-30 20:35:29 +00:00
tg
44c408f9ac shuffle caddr_t to its only user, and use (void *) on Linux instead,
to appease Fefe’s dietlibc [-Wdeprecated-declarations]
2011-12-10 14:12:17 +00:00
tg
44a27fa8e0 update and reformat some comments in the history code 2011-11-26 18:19:00 +00:00
tg
9782f6b4d1 • access(2) is broken in at least kFreeBSD 9.0 as “modern” OS, so bring
back the wrapper code as well as refactor most other code calling it
• apparently, names can’t end in ‘_’ or contain ‘__’ anywhere…
2011-09-07 15:24:22 +00:00
tg
577c918beb patch most of Jerker Bäck’s concerns out, unless not applicable 2011-08-27 18:06:52 +00:00
tg
45cd3a340b this is about the amount -Wl,--gc-sections can help me to eliminate 2011-04-22 12:21:55 +00:00
tg
5f8075fc82 introduce a tobool(cond) abstraction¹ and switch bool to char if !stdbool.h
① currently: ((cond) ? true : false) but (!!(cond)) and casting to bool,
  the latter only if stdbool.h, would also work – which performs best on
  (and across) all supported systems?
2011-03-07 20:30:41 +00:00
tg
8610728bf6 forgot 2011-02-09 19:32:15 +00:00
tg
d158038191 Limit history file size to 1 GiB for sanity (especially considering struct stat.sb_size is sometimes unsigned, sometimes signed, and sometimes larger than long, ugh…) 2011-02-09 15:08:01 +00:00
tg
5161342b9b fix warning about signed vs. unsigned comparision and potential truncation error 2011-02-09 13:08:27 +00:00
tg
45d99b9ec9 Scan for existence of <sys/file.h> which is not ubiquitous; allows
klibc-mksh (despite no hope to get a signal of a job) persistent history
2011-01-30 02:18:20 +00:00
tg
27dce9168a change behaviour of argument-less exit in traps to match SUSv4; Debian #599484 (original patch from Jonathan Nieder, thanks!) in a variant that appears to handle nested traps well 2010-11-01 17:29:05 +00:00
tg
667d792d6a • Address concerns of Chris Palmer from the Android security team
– possible integer overflows in memory allocation, mostly
    ‣ multiplication: all are checked now
    ‣ addition: reviewed them, most were “proven” or guessed to be
      “almost” impossible to run over (e.g. when we have a string
      whose length is taken it is assumed that the length will be
      more than only a few bytes below SIZE_MAX, since code and
      stack have to fit); some are checked now (e.g. when one of
      the summands is an off_t); most of the unchecked ones are
      annotated now
    ⇒ cost (MirBSD/i386 static): +76 .text
    ⇒ cost (Debian sid/i386): +779 .text  -4 .data
  – on Linux targets, setuid() setresuid() setresgid() can fail
    with EAGAIN; check for that and, if so, warn once and retry
    infinitely (other targets to be added later once we know that
    they are “insane”)
    ⇒ cost (Debian sid/i386): +192 .text (includes .rodata)
• setmode.c: Do overflow checking for realloc() too; switch back
  from calloc() to a checked malloc() for simplification while there
• define -DIN_MKSH and let setmode.c look a tad nicer while here
2010-09-14 21:26:19 +00:00
tg
06c6be0a70 shave off another 468 bytes: we’re 300 bytes smaller than BEFORE the
cat builtin was added now… (also removed utf-8 from source files, in
favour of just ASCII)
2010-08-28 20:22:24 +00:00
tg
3747722db4 improve string pooling: saves 316 bytes in .text 2010-08-28 18:50:58 +00:00