[patch] segfault in sh for bogus redirection
Stefan Farfeleder
stefanf at FreeBSD.org
Tue Jul 15 20:46:05 UTC 2008
On Mon, Jul 14, 2008 at 01:06:35AM +0200, Simon L. Nielsen wrote:
> Hey Stefan (and other people familiar with the sh(1) code),
>
> I stumbled on a corner case bug in sh(1) where it segfaults instead of
> giving a proper error message. This only happens when you do
> something stupid, but I thought it should be fixed anyway.
>
> When you redirect to an unset or empty variable things fail:
>
> $ sh -c 'echo 1 >&$a'
> Segmentation fault (core dumped)
>
> With patch:
>
> $ sh -c 'echo 1 >&$a'
> Syntax error: Bad fd number
>
> I have made a patch which fixes the issue (attached) so it fails
> normally with an error, but I'm not sure if it's the right way of
> fixing it. Do you think this fix is OK, or is there a better way to
> do this?
>
> I also included a regression test to check for the problem.
Hi,
I don't think your patch is correct. The value of 'fn.list->text' is
not properly initialised in eval.c:441 and only NULL by chance. Try
this patch instead. I still need to test it properly though.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: redir.diff
Type: text/x-diff
Size: 400 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20080715/d397b420/redir.bin
More information about the freebsd-current
mailing list