* [PATCH dash] [EXPAND] Free IFS state after here document expansion
[not found] <20110313144103.30026.48296.reportbug@volta.aurel32.net>
@ 2011-03-13 18:48 ` Jonathan Nieder
2011-03-15 8:02 ` Herbert Xu
0 siblings, 1 reply; 2+ messages in thread
From: Jonathan Nieder @ 2011-03-13 18:48 UTC (permalink / raw)
To: dash; +Cc: Aurelien Jarno, Herbert Xu
Here's another bug bisecting to f42e443bb ([EXPAND] Fix
ifsfirst/ifslastp leak, 2010-09-08). It was found with the following
test case, based on the configure script for Tracker:
dash -x -c '
<<-_ACEOF
$@
_ACEOF
exec
' - abcdefgh
+
+ exec �a
exec: 1: : Permission denied
The missing ifsfree call is in expandarg when it returns to openhere
during here document expansion.
Reported-by: Aurelien Jarno <aurel32@debian.org>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
---
Hi,
Aurelien Jarno wrote[1]:
> https://buildd.debian.org/fetch.cgi?pkg=tracker&arch=amd64&ver=0.10.3-1&stamp=1299968124&file=log&as=raw
[...]
> | 57145 dash CALL execve(0x806bf64,0x806ba64,0x806bef4)
> | 57145 dash NAMI "/usr/local/bincd$e,f4g<hDnLoTpu"
This patch seems to fix it. Thoughts?
[1] http://bugs.debian.org/618023
src/expand.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/expand.c b/src/expand.c
index 7a9b157..eac6c6d 100644
--- a/src/expand.c
+++ b/src/expand.c
@@ -194,6 +194,7 @@ expandarg(union node *arg, struct arglist *arglist, int flag)
p = _STPUTC('\0', expdest);
expdest = p - 1;
if (arglist == NULL) {
+ ifsfree();
return; /* here document expanded */
}
p = grabstackstr(p);
--
1.7.4.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH dash] [EXPAND] Free IFS state after here document expansion
2011-03-13 18:48 ` [PATCH dash] [EXPAND] Free IFS state after here document expansion Jonathan Nieder
@ 2011-03-15 8:02 ` Herbert Xu
0 siblings, 0 replies; 2+ messages in thread
From: Herbert Xu @ 2011-03-15 8:02 UTC (permalink / raw)
To: Jonathan Nieder; +Cc: dash, Aurelien Jarno
On Sun, Mar 13, 2011 at 01:48:58PM -0500, Jonathan Nieder wrote:
> Here's another bug bisecting to f42e443bb ([EXPAND] Fix
> ifsfirst/ifslastp leak, 2010-09-08). It was found with the following
> test case, based on the configure script for Tracker:
>
> dash -x -c '
> <<-_ACEOF
> $@
> _ACEOF
> exec
> ' - abcdefgh
> +
> + exec �a
> exec: 1: : Permission denied
>
> The missing ifsfree call is in expandarg when it returns to openhere
> during here document expansion.
>
> Reported-by: Aurelien Jarno <aurel32@debian.org>
> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Applied with minor rearrangement. Thanks!
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
commit a58d301405d96fb8ff87cffa3cabe3b110214a31
Author: Jonathan Nieder <jrnieder@gmail.com>
Date: Tue Mar 15 16:01:34 2011 +0800
[EXPAND] Free IFS state after here document expansion
Here's another bug bisecting to f42e443bb ([EXPAND] Fix
ifsfirst/ifslastp leak, 2010-09-08). It was found with the following
test case, based on the configure script for Tracker:
dash -x -c '
<<-_ACEOF
$@
_ACEOF
exec
' - abcdefgh
+
+ exec �a
exec: 1: : Permission denied
The missing ifsfree call is in expandarg when it returns to openhere
during here document expansion.
Reported-by: Aurelien Jarno <aurel32@debian.org>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
diff --git a/ChangeLog b/ChangeLog
index 44e5bdf..5163479 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2011-03-15 Jonathan Nieder <jrnieder@gmail.com>
+
+ * Free IFS state after here document expansion.
+
2011-03-15 Harald van Dijk <harald@gigawatt.nl>
* Let funcnode refer to a function definition, not its first command.
diff --git a/src/expand.c b/src/expand.c
index f155ea0..ce60fe9 100644
--- a/src/expand.c
+++ b/src/expand.c
@@ -194,7 +194,8 @@ expandarg(union node *arg, struct arglist *arglist, int flag)
p = _STPUTC('\0', expdest);
expdest = p - 1;
if (arglist == NULL) {
- return; /* here document expanded */
+ /* here document expanded */
+ goto out;
}
p = grabstackstr(p);
exparg.lastp = &exparg.list;
@@ -212,12 +213,14 @@ expandarg(union node *arg, struct arglist *arglist, int flag)
*exparg.lastp = sp;
exparg.lastp = &sp->next;
}
- ifsfree();
*exparg.lastp = NULL;
if (exparg.list) {
*arglist->lastp = exparg.list;
arglist->lastp = exparg.lastp;
}
+
+out:
+ ifsfree();
}
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2011-03-15 8:02 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20110313144103.30026.48296.reportbug@volta.aurel32.net>
2011-03-13 18:48 ` [PATCH dash] [EXPAND] Free IFS state after here document expansion Jonathan Nieder
2011-03-15 8:02 ` Herbert Xu
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.