From 096f46eee5dc31025625eefa67ff61146db0aa21 Mon Sep 17 00:00:00 2001
From: Martijn Dekker
Date: Sat, 9 Jan 2021 00:28:11 +0000
Subject: [PATCH] Fix for memory mgmt in variable expansion (Solaris 105-CR7032068)

This upstreams a Solaris patch: https://github.com/oracle/solaris-userland/blob/master/components/ksh93/patches/105-CR7032068.patch No other information is publicly available but this has been in production use on Solaris for a long time. It looks like this is intended to avoid an invalid free().
---
 src/cmd/ksh93/sh/macro.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/cmd/ksh93/sh/macro.c b/src/cmd/ksh93/sh/macro.c
index 3a8ef035d84b..b273a436bde1 100644
--- a/src/cmd/ksh93/sh/macro.c
+++ b/src/cmd/ksh93/sh/macro.c
@@ -1071,7 +1071,7 @@ static int varsub(Mac_t *mp)
 {
 register int c;
 register int type=0; /* M_xxx */
- register char *v,*argp=0;
+ register char *v, *new_v=0, *argp=0;
 register Namval_t *np = NIL(Namval_t*);
 register int dolg=0, mode=0;
 Lex_t *lp = (Lex_t*)mp->shp->lex_context;
@@ -1450,6 +1450,7 @@ static int varsub(Mac_t *mp)
 if((mp->let || (mp->arith&&nv_isattr(np,(NV_LJUST|NV_RJUST|NV_ZFILL)))) && !nv_isattr(np,NV_INTEGER) && (offset==0 || isspace(c) || strchr(",.+-*/=%&|^?!<>",c)))
 mp->zeros = 1;
 }
+ new_v = v = strdup(v);
 if(savptr==stakptr(0))
 stkseek(stkp,offset);
 else
@@ -2018,6 +2019,8 @@ static int varsub(Mac_t *mp)
 }
 if(np)
 nv_close(np);
+ if(new_v)
+ free(new_v);
 if(pattern)
 free(pattern);
 if(repstr)
@@ -2026,6 +2029,8 @@ static int varsub(Mac_t *mp)
 free(idx);
 return(1);
 nosub:
+ if(new_v)
+ free(new_v);
 if(type==M_BRACE && sh_lexstates[ST_NORM][c]==S_BREAK)
 {
 fcseek(-1);
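Review bot: `new_v = v = strdup(v);` in the second hunk neither checks that `v` is non-null before the call nor checks the result, and both matter here. Passing a null pointer to strdup() is undefined behaviour, and whether `v` can still be 0 at this point is not visible in the hunk because the code that assigns it lies above the context lines. On allocation failure the statement also sets `v` to 0, which the rest of varsub() would presumably treat like an unset variable rather than as an out-of-memory condition. I would guard the copy with `if(v)` and route a NULL result to the shell's existing out-of-memory handling; if this statement can be reached more than once in one call, the previous copy should also be freed before `new_v` is overwritten.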
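Review bot: The two `free(new_v)` calls (in the third hunk and after `nosub:` in the fourth) release the copy only on the exits shown in this diff, while the several hundred lines of varsub() between the strdup() and this cleanup are outside the hunks. Any path there that returns directly, or leaves through an error exit that unwinds out of the function, would leak the copy, so those paths need checking against this ownership rule. After `nosub:` the function continues past the end of the hunk with `v` still pointing at the freed block; `free(new_v); new_v = v = 0;` at that label would make any later read fail safely instead of touching freed memory. A comment at the declaration, e.g. `/* new_v: heap copy of v, owned by varsub(), freed on both exits */`, would record why `v` itself must never be passed to free().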