– possible integer overflows in memory allocation, mostly
‣ multiplication: all are checked now
‣ addition: reviewed them, most were “proven” or guessed to be
“almost” impossible to run over (e.g. when we have a string
whose length is taken it is assumed that the length will be
more than only a few bytes below SIZE_MAX, since code and
stack have to fit); some are checked now (e.g. when one of
the summands is an off_t); most of the unchecked ones are
annotated now
⇒ cost (MirBSD/i386 static): +76 .text
⇒ cost (Debian sid/i386): +779 .text -4 .data
– on Linux targets, setuid() setresuid() setresgid() can fail
with EAGAIN; check for that and, if so, warn once and retry
infinitely (other targets to be added later once we know that
they are “insane”)
⇒ cost (Debian sid/i386): +192 .text (includes .rodata)
• setmode.c: Do overflow checking for realloc() too; switch back
from calloc() to a checked malloc() for simplification while there
• define -DIN_MKSH and let setmode.c look a tad nicer while here
• deactivate %a and %A since our libc doesn’t have it
• rewrite the mksh integration code to use shf instead of stdio, removing
floating point support always in the process, as shf doesn’t support it
⇒ saves 11114 (6706 text, 168 data, 4240 bss) with dietlibc on Debian
• fix -Wall -Wextra -Wformat -Wstrict-aliasing=2 for gcc (Debian 4.4.4-7)
• fix these and -Wc++-compat for gcc version 4.6.0 20100711 (experimental)
[trunk revision 162057] (Debian 20100711-1) except:
– a few enum warnings that relate to eglibc’s {g,s}etrlimit() functions
taking an enum instead of an int because they’re too stupid to adhere
to POSIX interfaces they design by themselves
– all “request for implicit conversion” involving a "void *" on one side
• tweak the manual page somewhat more
• merge the rest of branch tg-wcswidth-behaviour
• enhance test cases for wcswidth-like behaviour
• switch hash table collision resolution algorithm to Python’s as announced
• bump vsn
I read, IIRC in the Cederqvist, that 'cvs tag' sets a sticky tag onto
the cwd… it doesn’t, apparently. (I actually like it better this way,
but one needs to know!)
others (colon and equals sign need to be simply escaped, while dollar
sign and accent gravis need double escaping like opening square brak-
ket did back then); add = to C_QUOTE to simplify (doesn't break any-
thing) and sort these strings asciibetically while here
bash4 doesn’t have it at all, despite knowing associative arrays
zsh does it………… differently and weird
this is for indexed arrays, as mksh doesn’t have associative arrays
but it should help ☺
return information needed to do a real ktremove instead of the pseudo
ktdelete operation which merely unsets the DEFINED flag to mark it as
eligible for texpand garbage collection (even worse, !DEFINED entries
are still counted)
commented out for mksh R38* but also used // denoting a temporary, de-
bugging-only, code exclusion which never should have been in the wild
Caught by ucode cc on DEC ULTRIX (where else?), thanks DEChengst ☻☺
• expose “#ifdef MKSH_MIDNIGHTBSD01ASH_COMPAT” just in case they decide to
require it and show it in the ksh version automatically
• sync the use of non-ASCII characters over files (unification)
fix the regression test’s results while here, which have been
broken since cid 10049D9BE5254CE65B8
• get rid of separate copyright file which was intended for De-
bian; track down commits in all files of oksh-mirbsd and mksh
to get correct copyright years per-file, as is BSD custom
${foo:1:2} operates on characters ipv bytes – which means:
‣ set +U: octets
‣ set -U: MirOS OPTU-8 characters
for consistency I also adapted ${#stringname} to deliver the
length in characters ipv bytes; more may follow; for example
I’d like a way to expose the string width.
you can already get the MirOS OPTU-16 of a character in the
WTF-8 (「set -U」) mode with something like
│ typeset -Uui16 -Z7 x=1#${stringname:position:1}
which will correctly use the PUA EF80‥EFFF mapping for octets.
due to this being an incompatible change, bump to R38
also change the unicode-hexdump sample regression test and
add two news for ${x:1:2} and ${#x} checks in A/W mode ☺
pass "xerrok" status across the execution call stack to more closely
match what both POSIX and [18]ksh.1 already describe in regards to set
-e/errexit's behavior in determining when to exit from nonzero return
values.
specifically, the truth values tested as operands to &&' and ||', as
well as the resulting compound expression itself, along with the truth
value resulting from a negated command (i.e. a pipeline prefixed !'),
should not make the shell exit when -e is in effect.
issue reported by matthieu.
testing matthieu, naddy.
ok miod (earlier version), otto.
man page ok jmc.
on Debian Lenny/amd64 (XXX need more verification; this
can be used for 64 bit arithmetics later too)
PPID, PGRP, RANDOM, USER_ID are now unsigned by default
was hard to type and hard to fix, galloc is also hard to fix, and some
things I learned will probably improve things more but make me use the
original form as base (especially for space savings)
* let sizeofN die though, remove even more casts
* optimise, polish
* regen Makefiles
* sprinkle a few /* CONSTCOND */ while here
• others: fix 6 (!) cases of non-constant or side-effect arguments
to the str_save() or str_nsave() macros, and other abuse of them
• also fix some cosmetics and other un-nice code while here
‣ macro afreechk() is superfluous
• get rid of macro afreechv() by re-doing the “don’t leak that much” code
• some KNF (mostly, whitespace and 80c) while here
todo tomorrow:
• test case (compare with e.g. GNU bash)
• manpage
• version bump
sqchar is a bit ugly, but \/ must be preserved, as we don’t get wdencoded
strings later on in the process (eval.c CSUBST) and I didn’t want to have
an implementation like ${foo: 2: 3} this time
from netbsd via oksh
we had the NULL pointer deref already fixed
• avoid a bogus not-setting the return value of edit.c:x_file_glob()
introduced by the above change in oksh
• escape ? as well (but not ] because that’s wrong)
reminded by cbiere@netbsd via oksh
• Unsetting a non-existent variable is not an error. See
http://www.opengroup.org/onlinepubs/009695399/utilities/unset.html
report from Arkadiusz Miskiewicz; fixed based on
http://cvs.pld-linux.org diff via oksh but modified slightly
• Be more smart waiting for input for non-interactive scripts. Fix
based on a diff from debian: see their bug#296446 (via oksh)
modified slightly
this also fixes cnuke@’s “mksh busy loop” problem, for which I never
received a bug report, but the Debian bug page contains a set of two
scripts to reproduce this before (and no longer after) this commit
• some KNF
• bump version
namely Dr. Robert “Pfeffer” Arnold (in this case, in FreeWRT), make
a half-completed attempt at implementing ${foo:2:3} substring evals
(of course, negatives can't work right now and that the numbers are
in face expressions is something I only read later too – this is to
be revisited later, but it's already late)
don't depend on this behaviour yet though
if someone wants to add more regression tests, feel free to…
it's wrong to use strchr(s, 0) to look for the NUL byte, because in some
environments it apparently might return NULL
use new macro strnul = s+strlen(s) instead (not side-effect safe tho)
Analysis:
internal_errorf(int, fmt, ...) was only a __dead function if the int argument
was non-0, which the Prevent probably was unable to follow. Change all uses of
internal_errorf(0, fmt, ...) to internal_warningf(fmt, ...); change the pro-
totype of internal_errorf() to internal_errorf(fmt, ...) and all remaining
uses remove the non-0 int argument; add __dead to internal_errorf() proto;
flesh out guts of internal_errorf() and internal_warningf() into a new local
function for optimisation purposes.
Some whitespace cleanup and dead code removal (return after internal_errorf(1))
and have it return an API-correct const char *
• enhance and stylify comments
• a little KNF and simplifications
• #ifdef DEBUG: replace strchr and strstr with ucstrchr and ucstrstr
that take and return a non-const char *, and fix the violations
• new cstrchr, cstrstr (take and give const char *)
• new vstrchr, vstrstr (take const or not, give boolean value)
• new afreechk(x) = afreechv(x,x) = if (x1) afree(x2, ATEMP)
• new ksh_isdash(str) = (str != NULL) && !strcmp(str, "-")
• replace the only use of strrchr with inlined code to shrink
• minor man page fixes
• Minix 3 signames are autogenerated with gcc
• rename strlfun.c to strlcpy.c since we don't do strlcat(3) anyway,
only strlcpy(3), and shorten it
• dot.mkshrc: move MKSH=… down to the export line
to not disturb the PS1 visual impression ☺
• dot.mkshrc: Lstripcom(): optimise
• bump version
¹) side effect from creating API-correct cstrchr, cstrstr, etc.
uses goto so it must be better ☻
tested on mirbsd-current via both Makefile and Build.sh
main.c: In function 'main':
main.c:208: warning: cast discards qualifiers from pointer target type
main.c:329: warning: cast discards qualifiers from pointer target type
no warnings at autoconf time left either; will take care of these two later
(might revisit changes from this commit), maybe change declararion for the
builtins to have their argv[] be const strings, and go through strict type
and qualifier checking again. this'll further improve stability.
XXX these changes might have introduced (more?) memory leaks,
XXX someone who knows about these tools should verify with
XXX automatic memory usage analysers (valgrind?)
still passes testsuite
but sync RCS IDs for easier future adaption:
* Simplify savefd() by removing the "noclose" flag and make noclose
behavior the default. Almost all uses of savefd() are followed
by an implicit or explicit close.
* fix typos
* might as well make ksh_getopt() match real getopt(), ie. get rid of that
stupid EOF concept that was never true. adobriyan@gmail
* use SEEK_* for lseek()
* fix lint comments, no functional changes
* remove excessive optimization; from adobriyan@gmail
* only santa checks things twice; from adobriyan@gmail
* Interpret zero-filled numbers as decimal; PR 4213; from Alexey Dobriyan
sitory whose ChangeLog follows. mksh R21 is licenced under the MirOS li-
cence, shown in "sh.h", and a two-clause UCB-style licence by Marc Espie
as shown in "alloc.c".
This executable is a fair bit smaller and shorter than our /bin/ksh that
it is designed to eventually replace (as /bin/sh hardlink), with the old
/bin/ksh to completely vanish. It is still in beta testing though, and I
don't think it will compile on other operating systems.
mksh R21 is a completely new port, bringing together the OpenBSD-current
/bin/ksh, the MirOS-current /bin/ksh and the older mksh R20 (which still
was portable, ocvs-based).
- expat as discussed with bsiegert@ today on the phone
- ksh as announced earlier on the lists
* un-hook lib/libexpat from make includes
* remove /usr/include/{,open}ssl upgrade workaround from includes/Makefile
* nuke old bin/ksh
* nuke libexpat and xmlwf
Restore sp before calling snptreef() so the error message contains
the actual expression that caused the error. OK otto@
while here, nice-ify a #define, and bump the mksh version number
to R20 which I somehow forgot... need sleep
From: Todd C. Miller <Todd.Miller@courtesan.com>
The following ksh diff needs wide testing. It does the following:
1) proper error message for bad substitution.
Before:
$ echo ${a[@]:foo}
ksh: : bad substitution
After:
$ echo ${a[@]:foo}
ksh: ${a[@]:foo}: bad substitution
2) fix a core dump for "echo ${a[@]:?foo}".
3) fix a use-after-free bug (from otto@)
trailing IFS non-whitespace "because many sh-derived
shells have this behavious", and me checking for ksh88
on Solaris confirms it.
So, for the sake of compatibility to AT&T ksh, change
it and document the change.