[patch] segfault in sh for bogus redirection
Simon L. Nielsen
simon at FreeBSD.org
Thu Jul 17 20:38:13 UTC 2008
On 2008.07.15 22:28:52 +0200, Stefan Farfeleder wrote:
> On Mon, Jul 14, 2008 at 01:06:35AM +0200, Simon L. Nielsen wrote:
> > Hey Stefan (and other people familiar with the sh(1) code),
> >
> > I stumbled on a corner case bug in sh(1) where it segfaults instead of
> > giving a proper error message. This only happens when you do
> > something stupid, but I thought it should be fixed anyway.
> >
> > When you redirect to an unset or empty variable things fail:
> >
> > $ sh -c 'echo 1 >&$a'
> > Segmentation fault (core dumped)
[...]
> I don't think your patch is correct. The value of 'fn.list->text' is
> not properly initialised in eval.c:441 and only NULL by chance. Try
Ah, ok. I tried to follow the code some, but it wasn't really obvious
to me what was going on :-).
> this patch instead. I still need to test it properly though.
Yes, your patch also makes sh fail gracefully.
--
Simon L. Nielsen
More information about the freebsd-current
mailing list