From 37b0c852481dbf1fe32c4fa1eb99593191d230ff Mon Sep 17 00:00:00 2001 From: Martijn Dekker Date: Sat, 21 Dec 2024 02:21:06 +0000 Subject: [PATCH] sh_setmatch: do not allocate a size 0 block (re: f38494ea) In init.c:867, calloc(3) may be called with a size of 0 on line 867 if nmatch is zero but v (value) is non-NULL. (This is currently triggered by the arrays.sh and attributes.sh regression tests.) As POSIX states: "If the size of the space requested is 0, the behavior is implementation-defined: either a null pointer shall be returned, or the behavior shall be as if the size were some non-zero value, except that the behavior is undefined if the returned pointer is used to access an object."[*] Either way, the behaviour is undefined if the returned pointer is dereferenced. src/cmd/ksh93/sh/init.c: sh_set_match(): - Before calling calloc, return if either nmatch is 0 (there were no matches) or v is NULL (there is no value). Do not require both conditions to be true to return. [*] https://pubs.opengroup.org/onlinepubs/9799919799/functions/calloc.html --- src/cmd/ksh93/sh/init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cmd/ksh93/sh/init.c b/src/cmd/ksh93/sh/init.c index 4d29ed3b8835..b24920923853 100644 --- a/src/cmd/ksh93/sh/init.c +++ b/src/cmd/ksh93/sh/init.c @@ -830,7 +830,7 @@ void sh_setmatch(const char *v, int vsize, int nmatch, int match[], int index) free(ap); SH_MATCHNOD->nvalue = NULL; SH_MATCHNOD->nvfun = NULL; - if(!(mp->nmatch=nmatch) && !v) + if(!(mp->nmatch=nmatch) || !v) { sh.subshell = savesub; return;
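Review bot: on the changed line `+ if(!(mp->nmatch=nmatch) || !v)`, the early return now also covers the case where nmatch is non-zero but v is NULL, and on that path `mp->nmatch` keeps the non-zero count while everything else in the hunk has just been cleared (`free(ap)`, `SH_MATCHNOD->nvalue = NULL`, `SH_MATCHNOD->nvfun = NULL`). If any later code trusts `mp->nmatch` as the number of valid match entries, it would read a count with no backing storage; either confirm nothing consults it after this return, or reset it to 0 before returning in the `!v` case so the stored state is consistent. The calloc(0) avoidance itself is correct given the POSIX wording quoted in the message. Minor documentation point: the subject says `sh_setmatch` (matching the hunk header) while the body refers to `sh_set_match()`, and the body cites "init.c:867" and "on line 867" twice; worth making the name consistent and dropping the duplicate before this lands.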