Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix memory corruption when a compound variable is unset #49

Merged
merged 1 commit into from
Jun 29, 2020
Merged

Fix memory corruption when a compound variable is unset #49

merged 1 commit into from
Jun 29, 2020

Conversation

JohnoKing
Copy link

@JohnoKing JohnoKing commented Jun 29, 2020
edited
Loading

The following set of commands sometimes ends with a memory fault because ksh attempts to free memory twice, causing memory corruption:

# To reproduce the crash more consistently, run these
# commands individually in a terminal.
$ testarray=(1 2)
$ compound testarray
$ unset testarray
$ eval testarray=
Memory fault

# If you wish to run the above commands from a script
# instead, then use this set of commands:
$ unset LC_ALL
$ chmod +x ./reproducer.sh
$ ksh -c ./reproducer.sh

The fix is to make sure np->nvfun is a valid pointer before attempting to free memory in put_tree. This patch is from OpenSUSE: https://build.opensuse.org/package/view_file/shells/ksh/ksh93-nvtree-free.dif?expand=1

@JohnoKing JohnoKing force-pushed the fix-compound-vars branch 4 times, most recently from b83543f to 9c84744 Compare June 29, 2020 00:47
@JohnoKing
Fix memory corruption when a compound variable is unset
ad11740 
The following set of commands ends with a memory fault under
certain circumstances because ksh attempts to free memory
twice, causing memory corruption:

$ testarray=(1 2)
$ compound testarray
$ unset testarray
$ eval testarray=

The fix is to make sure 'np->nvfun' is a valid pointer before
attempting to free memory in 'put_tree'. This patch is from
OpenSUSE: https://build.opensuse.org/package/view_file/shells/ksh/ksh93-nvtree-free.dif?expand=1

src/cmd/ksh93/sh/nvtree.c:
- Do not try to free memory when 'np->nvfun' and 'val'
  are false.

src/cmd/ksh93/tests/comvar.sh:
- Add a regression test for the double free problem. The
  reproducer must be run from an executable script
  with 'ksh -c'.
@McDutchie McDutchie merged commit 10b6ba8 into ksh93:master Jun 29, 2020
@JohnoKing JohnoKing deleted the fix-compound-vars branch June 30, 2020 05:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@JohnoKing @McDutchie