Date: Sat, 16 May 2020 16:29:23 +0000 (UTC)
From: Jilles Tjoelker <jilles@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r361112 - in head/bin/sh: . tests/execution
Message-ID: <202005161629.04GGTN3r029034@repo.freebsd.org>
Author: jilles Date: Sat May 16 16:29:23 2020 New Revision: 361112 URL: https://svnweb.freebsd.org/changeset/base/361112 Log: sh: Fix double INTON with vfork The shell maintains a count of the number of times SIGINT processing has been disabled via INTOFF, so SIGINT processing resumes when all disables have enabled again (INTON). If an error occurs in a vfork() child, the processing of the error enables SIGINT processing again, and the INTON in vforkexecshell() causes the count to become negative. As a result, a later INTOFF may not actually disable SIGINT processing. This might cause memory corruption if a SIGINT arrives at an inopportune time. As of r360452, it causes the shell to abort when it would unsafely allocate or free memory in certain ways. Note that various places such as errors in non-special builtins unconditionally reset the count to 0, so the problem might still not always be visible. PR: 246497 Reported by: jbeich MFC after: 2 weeks Added: head/bin/sh/tests/execution/unknown2.0 (contents, props changed) Modified: head/bin/sh/jobs.c head/bin/sh/tests/execution/Makefile Modified: head/bin/sh/jobs.c ============================================================================== --- head/bin/sh/jobs.c Sat May 16 14:33:08 2020 (r361111) +++ head/bin/sh/jobs.c Sat May 16 16:29:23 2020 (r361112) @@ -1008,9 +1008,11 @@ vforkexecshell(struct job *jp, char **argv, char **env pid_t pid; struct jmploc jmploc; struct jmploc *savehandler; + int inton; TRACE(("vforkexecshell(%%%td, %s, %p) called\n", jp - jobtab, argv[0], (void *)pip)); + inton = is_int_on(); INTOFF; flushall(); savehandler = handler; 
@@ -1045,7 +1047,7 @@ vforkexecshell(struct job *jp, char **argv, char **env setcurjob(jp); #endif } - INTON; + SETINTON(inton); TRACE(("In parent shell: child = %d\n", (int)pid)); return pid; } Modified: head/bin/sh/tests/execution/Makefile ============================================================================== --- head/bin/sh/tests/execution/Makefile Sat May 16 14:33:08 2020 (r361111) +++ head/bin/sh/tests/execution/Makefile Sat May 16 16:29:23 2020 (r361112) @@ -64,6 +64,7 @@ ${PACKAGE}FILES+= subshell2.0 ${PACKAGE}FILES+= subshell3.0 ${PACKAGE}FILES+= subshell4.0 ${PACKAGE}FILES+= unknown1.0 +${PACKAGE}FILES+= unknown2.0 ${PACKAGE}FILES+= var-assign1.0 .include <bsd.test.mk> Added: head/bin/sh/tests/execution/unknown2.0 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/bin/sh/tests/execution/unknown2.0 Sat May 16 16:29:23 2020 (r361112) @@ -0,0 +1,6 @@ +# $FreeBSD$ + +{ + : $(/var/empty/nosuchtool) + : $(:) +} 2>/dev/null
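Review bot: in the second jobs.c hunk (@@ -1045,7 +1047,7 @@), `SETINTON(inton);` has no comment saying why the parent puts back the state captured by `inton = is_int_on();` instead of calling INTON. The reason, that the error path in the vfork() child has already re-enabled SIGINT processing so a plain INTON drives the count negative, is recorded only in the commit log. A short comment above that line, or beside the `is_int_on()` call in the first hunk, would keep a later cleanup from turning it back into a bare INTOFF/INTON pair.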
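Review bot: the new head/bin/sh/tests/execution/unknown2.0 has no comment stating what it guards against, and its body (`: $(/var/empty/nosuchtool)` followed by `: $(:)`) does not make that obvious. Per the log, the fault shows up as the abort added in r360452 and may not always be visible, and the trailing `2>/dev/null` discards whatever the shell prints when it fails. A one-line comment naming PR 246497 and that dependency would help whoever has to diagnose a failure of this test.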
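The counting problem described in the commit log, as an added C model that is not FreeBSD sh source: the function names are hypothetical stand-ins for INTOFF, INTON, is_int_on() and SETINTON(), and the child's error path is assumed to reset the shared count to 0.

```c
/* Model of the INTOFF/INTON nesting count (added example, hypothetical names). */
#include <stdio.h>

static int suppress;            /* > 0: SIGINT processing is deferred */

static void int_off(void)      { suppress++; }
static void int_on(void)       { suppress--; }
static int  int_state(void)    { return suppress; }
static void int_restore(int s) { suppress = s; }

/* Assumption: the error path in the vfork() child runs in memory shared with
 * the parent and re-enables SIGINT processing by resetting the count to 0. */
static void child_error_path(void) { suppress = 0; }

/* Before the change: INTOFF ... INTON, whatever happened in between. */
static void spawn_unbalanced(int child_fails) {
    int_off();
    if (child_fails) child_error_path();
    int_on();
}

/* After the change: remember the state on entry and put it back. */
static void spawn_restoring(int child_fails) {
    int saved = int_state();
    int_off();
    if (child_fails) child_error_path();
    int_restore(saved);
}

/* Count left behind by one spawn started from a count of 0. */
static int count_after(void (*spawn)(int), int child_fails) {
    suppress = 0;
    spawn(child_fails);
    return suppress;
}

/* 1 if a later int_off() really defers SIGINT, 0 if it is a no-op. */
static int later_off_defers(void (*spawn)(int), int child_fails) {
    count_after(spawn, child_fails);
    int_off();
    return suppress > 0;
}

int main(void) {
    printf("unbalanced, child fails: count=%d, later INTOFF defers=%d\n",
        count_after(spawn_unbalanced, 1), later_off_defers(spawn_unbalanced, 1));
    printf("restoring,  child fails: count=%d, later INTOFF defers=%d\n",
        count_after(spawn_restoring, 1), later_off_defers(spawn_restoring, 1));
    return 0;
}
```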