Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix off-by-one error, possible crash (re: 6193c6a)
The ksh-20120801-trapcom.patch patch contains an off-by-one error, which was also imported into 93u+m. When saving signals: https://github.com/ksh93/ksh/blob/ceb77b136fb1f2cb0adf1e197c1b60d5b7c91d96/src/cmd/ksh93/sh/subshell.c#L572-L592 572 if((nsig=shp->st.trapmax)>0 || shp->st.trapcom[0]) 573 { 574 ++nsig; 575 savsig = malloc(nsig * sizeof(char*)); 576 /* 577 * the data is, usually, modified in code like: 578 * tmp = buf[i]; buf[i] = strdup(tmp); free(tmp); 579 * so shp->st.trapcom needs a "deep copy" to properly save/restore pointers. 580 */ 581 for (isig = 0; isig < nsig; ++isig) 582 { 583 if(shp->st.trapcom[isig] == Empty) 584 savsig[isig] = Empty; 585 else if(shp->st.trapcom[isig]) 586 savsig[isig] = strdup(shp->st.trapcom[isig]); 587 else 588 savsig[isig] = NULL; 589 } On line 574, the number of signals 'nsig' is increased by one. That increase is permanent, so the 'for' loop on line 581 tries to save one signal state too many. The increase was a holdout from the ksh93 code from before the patch. After the patch, it is not required; it is fine to malloc as many records as there are trapcom elements to save. So it should simply be removed. xec.c has the same code to save trap states for ksh functions, and the same applies. src/cmd/ksh93/sh/subshell.c: sh_subshell(): - Don't increase nsig. src/cmd/ksh93/sh/xec.c: sh_funscope(): - Same. src/cmd/ksh93/tests/signal.sh: - Add test.
- Loading branch information