Bug #12302
closed
ksh dumps core while parsing functions
Added by Alexander Pyhalov over 2 years ago.
Updated over 1 year ago.
Category:
cmd - userland programs
Description
cat test.ksh
#!/bin/ksh93
pt () {
}
ksh93 test.ksh
test.ksh: syntax error at line 4: `}' unexpected
Segmentation Fault (core dumped)
mdb core
Loading modules: [ libc.so.1 ld.so.1 ]
> $C
fffffd7fffdff0e0 libast.so.1`sfstack+0x41(fffffd7feeffa060, 29eeffa060)
fffffd7fffdff130 libast.so.1`stkinstall+0x8f(29eeffa060, 0)
fffffd7fffdff290 libshell.so.1`funct+0x316(4125a0)
fffffd7fffdff360 libshell.so.1`simple+0xaa3(4125a0, 85, 0)
fffffd7fffdff3c0 libshell.so.1`item+0x109(4125a0, 85)
fffffd7fffdff400 libshell.so.1`term+0x4c(4125a0, 84)
fffffd7fffdff430 libshell.so.1`list+0x11(4125a0, 84)
fffffd7fffdff480 libshell.so.1`sh_cmd+0x44(4125a0, a, 84)
fffffd7fffdff530 libshell.so.1`sh_parse+0x1cc(fffffd7fef164320, 4a9170, 0)
fffffd7fffdff630 libshell.so.1`exfile+0x3c4(fffffd7fef164320, 0, 3)
fffffd7fffdff730 libshell.so.1`sh_main+0x3cb(2, fffffd7fffdff7b8, 0)
fffffd7fffdff760 main+0x4d()
fffffd7fffdff790 _start_crt+0x83()
fffffd7fffdff7a0 _start+0x18()
> ::status
debugging core file of ksh93 (64-bit) from pyhalov
file: /usr/bin/amd64/ksh93
initial argv: ksh93 test.ksh
threading model: native threads
status: process terminated by SIGSEGV (Segmentation Fault), addr=29eeffa0bc
With the latest illumos ksh93, I can only replicate this with the 32-bit version.
bloody% /usr/bin/amd64/ksh93 test12302.ksh
test12302.ksh: syntax error at line 4: `}' unexpected
bloody%
bloody% /usr/bin/i86/ksh93 test12302.ksh
test12302.ksh: syntax error at line 4: `}' unexpected
zsh: segmentation fault (core dumped) /usr/bin/i86/ksh93 test12302.ksh
- Subject changed from ksh dumps core while parsing file to ksh dumps core while parsing functions
- Category set to cmd - userland programs
- Status changed from New to In Progress
- Assignee set to Andy Fiddaman
- Difficulty changed from Medium to Bite-size
This is happening because the savstak variable in sh/parse.c:funct() is not initialised.
For functions which contain no commands, a new stack frame is never created and then, when it tries to restore the stack frame later in the function, it passes random stack contents in as the pointer to the old stack frame.
Initialising the old stack pointer to NULL fixes this, and is what was done in other forks of ksh:
References:
Testing
bloody% /usr/bin/i86/ksh93 test12302.ksh
test12302.ksh: syntax error at line 4: `}' unexpected
bloody% /usr/bin/amd64/ksh93 test12302.ksh
test12302.ksh: syntax error at line 4: `}' unexpected
bloody%
Also tested with UMEM_DEBUG=default, and ran the ksh93 testsuite where the results were the same before and after this change.
- Status changed from In Progress to Closed
- % Done changed from 0 to 100
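The defect analysed in the comment above, modelled as an added C example that is not ksh93, libast or illumos code: a toy frame stack (stak_create, stak_install, a fixed pool of Stak_t frames) and two versions of a function-body parser, funct_before with the uninitialised savstak and funct_after with the NULL initialisation the fix describes. All of those names, the pool and the ';'-counting stand-in for sh_cmd() are assumptions made for this example. funct_before is included only for contrast and is never called, since executing it reads an uninitialised pointer.

```c
/* Toy model of the stack save/restore pattern in ksh93's funct()
 * (sh/parse.c) behind bug 12302.  Stak_t, the frame pool, stak_install and
 * the two funct_* functions are constructed for this example; none of it is
 * libast or libshell code. */
#include <stdio.h>
#include <stddef.h>

typedef struct Stak {
    int id;                          /* 1-based frame number, for inspection */
} Stak_t;

#define NFRAMES 8
static Stak_t  frame_pool[NFRAMES];  /* fixed pool instead of a heap */
static int     frames_used;
static Stak_t *cur_stak;             /* installed frame; NULL before stak_init */

static Stak_t *stak_create(void)
{
    if (frames_used >= NFRAMES)
        return NULL;
    frame_pool[frames_used].id = frames_used + 1;
    return &frame_pool[frames_used++];
}

/* Install sp as the current frame and return the one it replaces.  NULL is
 * the one argument that is safe to pass when there is nothing to restore:
 * it leaves the current frame in place.  Any other non-frame pointer is
 * garbage and is dereferenced by the next stak_current_id(). */
static Stak_t *stak_install(Stak_t *sp)
{
    Stak_t *old = cur_stak;
    if (sp != NULL)
        cur_stak = sp;
    return old;
}

/* Reset the pool, create and install the base frame; returns its id (1). */
int stak_init(void)
{
    frames_used = 0;
    cur_stak = NULL;
    stak_install(stak_create());
    return cur_stak->id;
}

/* Id of the installed frame, 0 if none.  Observable state for the test. */
int stak_current_id(void)
{
    return cur_stak ? cur_stak->id : 0;
}

/* Stand-in for sh_cmd(): count the ';'-terminated commands in a body. */
static int count_commands(const char *body)
{
    int n = 0;
    for (; *body; body++)
        if (*body == ';')
            n++;
    return n;
}

/* BEFORE: the shape of the original funct().  savstak is assigned only on
 * the path that creates a frame, yet restored on every path.  For an empty
 * body (the report's "pt () { }", a syntax error, returns -1) the restore
 * passes whatever the C stack held: the garbage pointer in the mdb trace.
 * Deliberately never called here, because executing it reads an
 * uninitialised pointer. */
int funct_before(const char *body)
{
    Stak_t *savstak;                 /* BUG: no initialiser */
    int ncmd = -1;

    if (*body != '\0') {
        savstak = stak_install(stak_create());
        ncmd = count_commands(body);
    }
    stak_install(savstak);           /* reads savstak on both paths */
    return ncmd;
}

/* AFTER: the fix described in the comment.  NULL is a value stak_install
 * handles, so the empty-body path restores nothing instead of garbage and
 * the non-empty path still swaps the base frame back in. */
int funct_after(const char *body)
{
    Stak_t *savstak = NULL;          /* FIX: known value on every path */
    int ncmd = -1;

    if (*body != '\0') {
        savstak = stak_install(stak_create());
        ncmd = count_commands(body);
    }
    stak_install(savstak);
    return ncmd;
}

int main(void)
{
    int ncmd;
    stak_init();
    ncmd = funct_after("");
    printf("empty body: %d commands, frame %d\n", ncmd, stak_current_id());
    ncmd = funct_after("echo a; echo b;");
    printf("two commands: %d commands, frame %d\n", ncmd, stak_current_id());
    return 0;
}
```

The point the model makes visible is that the restore call is unconditional while the save is conditional; any value that reaches the restore on the no-frame path must be one the callee is defined to accept, and NULL is the only such value here. A debugging allocator such as the UMEM_DEBUG run mentioned in the testing notes would not have caught this on its own, since the bad pointer never came from the allocator.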
git commit 63be7eb52ac2a58b3a00a7c7dff8d701df814cc0
commit 63be7eb52ac2a58b3a00a7c7dff8d701df814cc0
Author: Andy Fiddaman <omnios@citrus-it.co.uk>
Date: 2021-03-10T19:18:50.000Z
12302 ksh dumps core while parsing functions
Reviewed by: Paul Winder <paul@winder.uk.net>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
Reviewed by: Toomas Soome <tsoome@me.com>
Approved by: Rich Lowe <richlowe@richlowe.net>