svn commit: r210488 - in head: bin/sh tools/regression/bin/sh/parser

Jilles Tjoelker jilles at FreeBSD.org
Sun Jul 25 22:25:53 UTC 2010


Author: jilles
Date: Sun Jul 25 22:25:52 2010
New Revision: 210488
URL: http://svn.freebsd.org/changeset/base/210488

Log:
  sh: Fix crash due to uninitialized here-document.
  
  If a ; or & token was followed by an EOF token, pending here-documents were
  left uninitialized. Execution would crash, either in the main shell process
  for literal here-documents or in a child process for expanded
  here-documents. In the latter case the problem is hard to detect apart from
  the core dumps and log messages.
  
  Side effect: slightly different retries on inputs where EOF is not
  persistent.
  
  Note that tools/regression/bin/sh/parser/heredoc6.0 still causes a similar
  crash in a child process. The text passed to eval is malformed and should be
  rejected.

Added:
  head/tools/regression/bin/sh/parser/heredoc7.0   (contents, props changed)
Modified:
  head/bin/sh/parser.c

Modified: head/bin/sh/parser.c
==============================================================================
--- head/bin/sh/parser.c	Sun Jul 25 21:59:12 2010	(r210487)
+++ head/bin/sh/parser.c	Sun Jul 25 22:25:52 2010	(r210488)
@@ -269,6 +269,9 @@ list(int nlflag)
 				parseheredoc();
 				if (nlflag)
 					return n1;
+			} else if (tok == TEOF && nlflag) {
+				parseheredoc();
+				return n1;
 			} else {
 				tokpushback++;
 			}
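Review bot: The new `else if (tok == TEOF && nlflag)` branch consumes the EOF token instead of pushing it back, and it only covers the nlflag case, but nothing in the code says so. With nlflag clear, TEOF still falls through to `tokpushback++` without a call to parseheredoc(), whereas the branch above calls parseheredoc() unconditionally and only makes the return depend on nlflag. A short comment on the new branch would help: state that pending here-documents must be read before returning on EOF, that not pushing TEOF back is deliberate (the log mentions the changed retry behaviour when EOF is not persistent), and why the !nlflag path cannot leave a here-document uninitialized, or handle it here if it can.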

Added: head/tools/regression/bin/sh/parser/heredoc7.0
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/tools/regression/bin/sh/parser/heredoc7.0	Sun Jul 25 22:25:52 2010	(r210488)
@@ -0,0 +1,19 @@
+# $FreeBSD$
+
+# Some of these created malformed parse trees with null pointers for here
+# documents, causing the here document writing process to segfault.
+eval ': <<EOF'
+eval ': <<EOF;'
+eval '`: <<EOF`'
+eval '`: <<EOF;`'
+eval '`: <<EOF`;'
+eval '`: <<EOF;`;'
+
+# Some of these created malformed parse trees with null pointers for here
+# documents, causing sh to segfault.
+eval ': <<\EOF'
+eval ': <<\EOF;'
+eval '`: <<\EOF`'
+eval '`: <<\EOF;`'
+eval '`: <<\EOF`;'
+eval '`: <<\EOF;`;'
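Review bot: The test cases only exercise `;` before EOF, while the log says the crash applied to both `;` and `&` tokens, so a variant such as `eval ': <<EOF&'` for each group would cover the second token the fix is meant to handle. The first group also deserves a note in its comment: per the log, crashes for expanded here-documents happen in a child process and are hard to detect apart from core dumps, so these six lines may not fail the test if the bug returns. The two comment blocks are nearly identical; saying that the first group uses an expanded delimiter and the second a quoted one (`<<\EOF`) would make the difference between them clear.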

