From owner-freebsd-bugs Thu May 4 22:41:27 1995 Return-Path: bugs-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id WAA13519 for bugs-outgoing; Thu, 4 May 1995 22:41:27 -0700 Received: from lirmm.lirmm.fr (lirmm.lirmm.fr [193.49.104.10]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id WAA13513 for ; Thu, 4 May 1995 22:41:26 -0700 Received: from lirmm.fr (baobab.lirmm.fr [193.49.106.14]) by lirmm.lirmm.fr (8.6.10/8.6.4) with ESMTP id HAA12977 for ; Fri, 5 May 1995 07:41:23 +0200 Message-Id: <199505050541.HAA12977@lirmm.lirmm.fr> To: bugs@FreeBSD.org Subject: bug in sh (core dumped) Date: Fri, 05 May 1995 07:41:21 +0200 From: "Philippe Charnier" Sender: bugs-owner@FreeBSD.org Precedence: bulk Hello, There is a bug in sh: the built in command "fc -l" generates a core dump (*NULL in not_fcnumber). According to the sh manual page (fc -l [-nr] [first [last]]), fc -l is a correct sequence (in that case, values are defaulted to -16 and -1) but fails when first is not given. The program enters histcmd (in histedit.c) and then run the code: optreset = 1; optind = 1; /* initialize getopt */ while (not_fcnumber(argv[optind]) && (ch = getopt(argc, argv, ":e:lnrs")) != EOF) switch ((char)ch) { case 'e': editor = optarg; break; case 'l': lflg = 1; ... } argv[0] is "fc" argv[1] is "-l" The second loop runs not_fcnumber(NULL) (in histedit.c) and fails. *** histedit.c.orig Fri May 5 07:35:05 1995 --- histedit.c Fri May 5 07:38:29 1995 *************** *** 389,395 **** not_fcnumber(s) char *s; { ! if (*s == '-') s++; return (!is_number(s)); } --- 389,399 ---- not_fcnumber(s) char *s; { ! if (s == NULL) { ! /* *NULL is not a fc_number */ ! return (1); ! } ! if (*s == '-') s++; return (!is_number(s)); } -------- -------- Philippe Charnier charnier@lirmm.fr LIRMM, 161 rue Ada, 34392 Montpellier cedex 5 -- France ------------------------------------------------------------------------