Backport ksh93v- bugfix for the crash in types.sh
This backports a bugfix from ksh93v- 2012-08-24 for an
invalid read that could cause a crash at the first strncmp
in create_type() due to misalignment (I'm not sure why this
crash doesn't occur on the dev branch, but the read was
nonetheless invalid).

Crash trace from ASan:
  test types(C.UTF-8) begins at 2024-12-13+00:52:02
  AddressSanitizer:DEADLYSIGNAL
  =================================================================
  ==1860280==ERROR: AddressSanitizer: SEGV on unknown address 0x000000001340 (pc 0x76b7ec289110 bp 0x7ffc5cf9fbb0 sp 0x7ffc5cf9f320 T0)
  ==1860280==The signal is caused by a READ memory access.
      #0 0x76b7ec289110 in strncmp /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:491
      #1 0x76b7ebe8cfb1 in create_type /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/sh/nvtype.c:486
      #2 0x76b7ebf5612f in create_tree /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/sh/nvtree.c:74
      #3 0x76b7ebf431fa in nv_create /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/sh/name.c:1239
      #4 0x76b7ebf45336 in nv_open /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/sh/name.c:1452
      #5 0x76b7ebf3da95 in nv_setlist /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/sh/name.c:608
      #6 0x76b7ebfa4c7d in sh_exec /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/sh/xec.c:1077
      #7 0x76b7ebe4aba4 in b_dot_cmd /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/bltins/misc.c:324
      #8 0x76b7ebfbc0e5 in sh_funct /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/sh/xec.c:3204
      #9 0x76b7ebfbd40e in sh_fun /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/sh/xec.c:3286
      #10 0x76b7ebe95cdf in type_init /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/sh/nvtype.c:1255
      #11 0x76b7ebe964f5 in nv_settype /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/sh/nvtype.c:1341
      #12 0x76b7ebe6e7c9 in setall /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/bltins/typeset.c:893
      #13 0x76b7ebe6b88d in b_typeset /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/bltins/typeset.c:574
      #14 0x76b7ebfa74df in sh_exec /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/sh/xec.c:1270
      #15 0x76b7ebe7d6f7 in exfile /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/sh/main.c:591
      #16 0x76b7ebe7acf6 in sh_main /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/sh/main.c:344
JohnoKing committed Dec 27, 2024
1 parent c692ee1 commit e390adf
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/cmd/ksh93/sh/nvtype.c
Expand Up @@ -481,8 +481,8 @@ static Namval_t *create_type(Namval_t *np,const char *name,int flag,Namfun_t *fp
n = (cp-1) -name;
if(dp->numnodes && dp->strsize<0)
{
char *base = (char*)np-sizeof(Dtlink_t);
int m=strlen(np->nvname);
char *base = (char*)np-(NV_MINSZ-sizeof(Dtlink_t));
size_t m=strlen(np->nvname);
while((nq=nv_namptr(base,++i)) && strncmp(nq->nvname,np->nvname,m)==0)
{
if(nq->nvname[m]=='.' && strncmp(name,&nq->nvname[m+1],n)==0 && nq->nvname[m+n+1]==0)
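
Review bot: The new base offset `NV_MINSZ-sizeof(Dtlink_t)` in the `char *base` line is unexplained, and the `while` loop right after it still advances `nv_namptr(base,++i)` with no visible bound on `i`, so every read of `nq->nvname` depends on that offset matching the node layout exactly. A short comment stating which layout `base` is expected to point into, plus bounding `i` by `dp->numnodes` (already tested in the enclosing `if`), would keep a later layout change from turning back into an invalid read. Separately, `m` is now `size_t` while `n` comes from the pointer difference `(cp-1) -name`; it is worth confirming `n` cannot be negative before it is used as a `strncmp` length and in `nq->nvname[m+n+1]`.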