Bug #12302

closed

ksh dumps core while parsing functions

Added by Alexander Pyhalov over 2 years ago. Updated about 1 year ago.

Status: Closed
Priority: Normal
Assignee:
Category: cmd - userland programs
Start date:
Due date:
% Done: 100%
Estimated time:
Difficulty: Bite-size
Tags:
Gerrit CR:

Description

cat test.ksh 
#!/bin/ksh93

pt () {
}

ksh93 test.ksh 
test.ksh: syntax error at line 4: `}' unexpected
Segmentation Fault (core dumped)

mdb core
Loading modules: [ libc.so.1 ld.so.1 ]
> $C
fffffd7fffdff0e0 libast.so.1`sfstack+0x41(fffffd7feeffa060, 29eeffa060)
fffffd7fffdff130 libast.so.1`stkinstall+0x8f(29eeffa060, 0)
fffffd7fffdff290 libshell.so.1`funct+0x316(4125a0)
fffffd7fffdff360 libshell.so.1`simple+0xaa3(4125a0, 85, 0)
fffffd7fffdff3c0 libshell.so.1`item+0x109(4125a0, 85)
fffffd7fffdff400 libshell.so.1`term+0x4c(4125a0, 84)
fffffd7fffdff430 libshell.so.1`list+0x11(4125a0, 84)
fffffd7fffdff480 libshell.so.1`sh_cmd+0x44(4125a0, a, 84)
fffffd7fffdff530 libshell.so.1`sh_parse+0x1cc(fffffd7fef164320, 4a9170, 0)
fffffd7fffdff630 libshell.so.1`exfile+0x3c4(fffffd7fef164320, 0, 3)
fffffd7fffdff730 libshell.so.1`sh_main+0x3cb(2, fffffd7fffdff7b8, 0)
fffffd7fffdff760 main+0x4d()
fffffd7fffdff790 _start_crt+0x83()
fffffd7fffdff7a0 _start+0x18()
> ::status
debugging core file of ksh93 (64-bit) from pyhalov
file: /usr/bin/amd64/ksh93
initial argv: ksh93 test.ksh
threading model: native threads
status: process terminated by SIGSEGV (Segmentation Fault), addr=29eeffa0bc

#1

Updated by Andy Fiddaman about 1 year ago

With the latest illumos ksh93, I can only replicate this with the 32-bit version.

bloody% /usr/bin/amd64/ksh93 test12302.ksh
test12302.ksh: syntax error at line 4: `}' unexpected
bloody%
bloody% /usr/bin/i86/ksh93 test12302.ksh
test12302.ksh: syntax error at line 4: `}' unexpected
zsh: segmentation fault (core dumped)  /usr/bin/i86/ksh93 test12302.ksh
#2

Updated by Andy Fiddaman about 1 year ago

  • Subject changed from ksh dumps core while parsing file to ksh dumps core while parsing functions
  • Category set to cmd - userland programs
  • Status changed from New to In Progress
  • Assignee set to Andy Fiddaman
  • Difficulty changed from Medium to Bite-size
#3

Updated by Andy Fiddaman about 1 year ago

This is happening because the savstak variable in sh/parse.c:funct() is not initialised.
For functions which contain no commands, a new stack frame is never created and then, when it tries to restore the stack frame later in the function, it passes random stack contents in as the pointer to the old stack frame.

Initialising the old stack pointer to NULL fixes this, and is what was done in other forks of ksh:

References:
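A constructed C model of the defect this comment describes and of the one-line fix (added here; it is not ksh's sh/parse.c, not libast and not illumos code): a routine that installs a fresh stack frame only when the function body contains commands, but restores the saved frame unconditionally. The names `stk_t`, `stk_install`, `funct_fixed`, `funct_buggy`, `fn_stack` and `garbage_stack` are invented, and the model assumes that installing a NULL stack is a no-op that just returns the active stack. The buggy variant takes the "uninitialised" value as an explicit parameter so the example stays deterministic instead of reading an indeterminate variable.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the "save the old stack, install a fresh one,
 * restore at the end" pattern from the bug report. Every name here is
 * invented for the illustration. Assumption about the library being
 * modelled: installing a NULL stack changes nothing and merely returns
 * the stack that is currently active. */

typedef struct stk {
    const char *name;
} stk_t;

static stk_t main_stack = { "main" };
static stk_t *active = &main_stack;

/* Sample stacks for the demonstration (constructed). */
stk_t fn_stack = { "fn-body" };
stk_t garbage_stack = { "garbage" };

/* Make `s` the active stack and hand back the previous one.
 * NULL means "leave things alone" (assumed behaviour, see above). */
static stk_t *stk_install(stk_t *s)
{
    stk_t *old = active;
    if (s != NULL)
        active = s;
    return old;
}

void stk_reset(void) { active = &main_stack; }
int active_is_main(void) { return active == &main_stack; }
const char *active_stack_name(void) { return active->name; }

/* Fixed shape: `savstak` starts as NULL. A body with no commands never
 * installs `scratch`, so the unconditional restore at the end is a no-op
 * instead of a restore from a never-assigned pointer. */
int funct_fixed(int ncmds, stk_t *scratch)
{
    stk_t *savstak = NULL;              /* the one-line fix */
    int i;

    if (ncmds > 0)
        savstak = stk_install(scratch); /* fresh frame for the body */
    for (i = 0; i < ncmds; i++) {
        /* ... parse one command into the active frame ... */
    }
    stk_install(savstak);               /* safe on both paths */
    return ncmds;
}

/* Buggy shape, with the uninitialised read made explicit: `leftover`
 * stands for whatever the never-assigned variable happened to contain.
 * In the report that was random stack contents and sfstack() faulted on
 * them; here the visible effect is that an arbitrary stack gets
 * installed whenever the body is empty. */
int funct_buggy(int ncmds, stk_t *scratch, stk_t *leftover)
{
    stk_t *savstak = leftover;          /* models: never initialised */
    int i;

    if (ncmds > 0)
        savstak = stk_install(scratch);
    for (i = 0; i < ncmds; i++) {
        /* ... parse one command ... */
    }
    stk_install(savstak);               /* garbage when ncmds == 0 */
    return ncmds;
}

int main(void)
{
    funct_fixed(0, &fn_stack);
    printf("fixed, empty body: active = %s\n", active_stack_name());
    stk_reset();
    funct_buggy(0, &fn_stack, &garbage_stack);
    printf("buggy, empty body: active = %s\n", active_stack_name());
    return 0;
}
```

With a non-empty body both variants behave identically, which is why the defect only shows up for a function such as `pt () { }`; the empty-body path is the one a regression test for this fix needs to cover.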
#4

Updated by Andy Fiddaman about 1 year ago

Testing

bloody% /usr/bin/i86/ksh93 test12302.ksh
test12302.ksh: syntax error at line 4: `}' unexpected
bloody% /usr/bin/amd64/ksh93 test12302.ksh
test12302.ksh: syntax error at line 4: `}' unexpected
bloody%

Also tested with UMEM_DEBUG=default, and ran the ksh93 testsuite where the results were the same before and after this change.

#5

Updated by Electric Monk about 1 year ago

  • Gerrit CR set to 1315
#6

Updated by Electric Monk about 1 year ago

  • Status changed from In Progress to Closed
  • % Done changed from 0 to 100

git commit 63be7eb52ac2a58b3a00a7c7dff8d701df814cc0

commit  63be7eb52ac2a58b3a00a7c7dff8d701df814cc0
Author: Andy Fiddaman <omnios@citrus-it.co.uk>
Date:   2021-03-10T19:18:50.000Z

    12302 ksh dumps core while parsing functions
    Reviewed by: Paul Winder <paul@winder.uk.net>
    Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
    Reviewed by: Toomas Soome <tsoome@me.com>
    Approved by: Rich Lowe <richlowe@richlowe.net>
