From owner-svn-src-head@FreeBSD.ORG  Sun Jul 25 22:25:53 2010
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0F2541065672;
	Sun, 25 Jul 2010 22:25:53 +0000 (UTC)
	(envelope-from jilles@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id D9BE78FC16;
	Sun, 25 Jul 2010 22:25:52 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o6PMPqv5077594;
	Sun, 25 Jul 2010 22:25:52 GMT (envelope-from jilles@svn.freebsd.org)
Received: (from jilles@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id o6PMPqLD077591;
	Sun, 25 Jul 2010 22:25:52 GMT (envelope-from jilles@svn.freebsd.org)
Message-Id: <201007252225.o6PMPqLD077591@svn.freebsd.org>
From: Jilles Tjoelker <jilles@FreeBSD.org>
Date: Sun, 25 Jul 2010 22:25:52 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-head@freebsd.org
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r210488 - in head: bin/sh tools/regression/bin/sh/parser
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
	<svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Jul 2010 22:25:53 -0000

Author: jilles
Date: Sun Jul 25 22:25:52 2010
New Revision: 210488
URL: http://svn.freebsd.org/changeset/base/210488

Log:
  sh: Fix crash due to uninitialized here-document.
  
  If an ; or & token was followed by an EOF token, pending here-documents were
  left uninitialized. Execution would crash, either in the main shell process
  for literal here-documents or in a child process for expanded
  here-documents. In the latter case the problem is hard to detect apart from
  the core dumps and log messages.
  
  Side effect: slightly different retries on inputs where EOF is not
  persistent.
  
  Note that tools/regression/bin/sh/parser/heredoc6.0 still causes a similar
  crash in a child process. The text passed to eval is malformed and should be
  rejected.

Added:
  head/tools/regression/bin/sh/parser/heredoc7.0   (contents, props changed)
Modified:
  head/bin/sh/parser.c

Modified: head/bin/sh/parser.c
==============================================================================
--- head/bin/sh/parser.c	Sun Jul 25 21:59:12 2010	(r210487)
+++ head/bin/sh/parser.c	Sun Jul 25 22:25:52 2010	(r210488)
@@ -269,6 +269,9 @@ list(int nlflag)
 				parseheredoc();
 				if (nlflag)
 					return n1;
+			} else if (tok == TEOF && nlflag) {
+				parseheredoc();
+				return n1;
 			} else {
 				tokpushback++;
 			}

Added: head/tools/regression/bin/sh/parser/heredoc7.0
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/tools/regression/bin/sh/parser/heredoc7.0	Sun Jul 25 22:25:52 2010	(r210488)
@@ -0,0 +1,19 @@
+# $FreeBSD$
+
+# Some of these created malformed parse trees with null pointers for here
+# documents, causing the here document writing process to segfault.
+eval ': <<EOF'
+eval ': <<EOF;'
+eval '`: <<EOF`'
+eval '`: <<EOF;`'
+eval '`: <<EOF`;'
+eval '`: <<EOF;`;'
+
+# Some of these created malformed parse trees with null pointers for here
+# documents, causing sh to segfault.
+eval ': <<\EOF'
+eval ': <<\EOF;'
+eval '`: <<\EOF`'
+eval '`: <<\EOF;`'
+eval '`: <<\EOF`;'
+eval '`: <<\EOF;`;'