Date:      Sat, 16 May 2020 16:29:23 +0000 (UTC)
From:      Jilles Tjoelker <jilles@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r361112 - in head/bin/sh: . tests/execution
Message-ID:  <202005161629.04GGTN3r029034@repo.freebsd.org>

Author: jilles
Date: Sat May 16 16:29:23 2020
New Revision: 361112
URL: https://svnweb.freebsd.org/changeset/base/361112

Log:
  sh: Fix double INTON with vfork
  
  The shell maintains a count of the number of times SIGINT processing has
  been disabled via INTOFF, so SIGINT processing resumes when all disables
  have enabled again (INTON).
  
  If an error occurs in a vfork() child, the processing of the error enables
  SIGINT processing again, and the INTON in vforkexecshell() causes the count
  to become negative.
  
  As a result, a later INTOFF may not actually disable SIGINT processing. This
  might cause memory corruption if a SIGINT arrives at an inopportune time. As
  of r360452, it causes the shell to abort when it would unsafely allocate or
  free memory in certain ways.
  
  Note that various places such as errors in non-special builtins
  unconditionally reset the count to 0, so the problem might still not always
  be visible.
  
  PR:		246497
  Reported by:	jbeich
  MFC after:	2 weeks

Added:
  head/bin/sh/tests/execution/unknown2.0   (contents, props changed)
Modified:
  head/bin/sh/jobs.c
  head/bin/sh/tests/execution/Makefile

Modified: head/bin/sh/jobs.c
==============================================================================
--- head/bin/sh/jobs.c	Sat May 16 14:33:08 2020	(r361111)
+++ head/bin/sh/jobs.c	Sat May 16 16:29:23 2020	(r361112)
@@ -1008,9 +1008,11 @@ vforkexecshell(struct job *jp, char **argv, char **env
 	pid_t pid;
 	struct jmploc jmploc;
 	struct jmploc *savehandler;
+	int inton;
 
 	TRACE(("vforkexecshell(%%%td, %s, %p) called\n", jp - jobtab, argv[0],
 	    (void *)pip));
+	inton = is_int_on();
 	INTOFF;
 	flushall();
 	savehandler = handler;
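Review bot: The new `inton = is_int_on();` ahead of `INTOFF` has no comment saying why this function saves the interrupt state instead of relying on a balanced INTOFF/INTON pair. The reason exists only in the commit log (error handling in the vfork() child re-enables SIGINT processing, so the count on return is not what INTOFF left behind). A short comment above the assignment would keep a later cleanup from turning this back into a plain pair. The name `inton` also reads like a flag; if is_int_on() returns the disable count the log describes, a note on the declaration would make that clear.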
@@ -1045,7 +1047,7 @@ vforkexecshell(struct job *jp, char **argv, char **env
 		setcurjob(jp);
 #endif
 	}
-	INTON;
+	SETINTON(inton);
 	TRACE(("In parent shell:  child = %d\n", (int)pid));
 	return pid;
 }
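Review bot: At `SETINTON(inton);` the child error path that makes the restore necessary is not visible, so the replacement of `INTON` is unexplained to anyone reading only the function tail. Suggest a one-line comment here pointing at the child's error handling. The definition of SETINTON is not part of this patch, so it is worth confirming that it still acts on a SIGINT that became pending while processing was disabled when the restored state has interrupts enabled.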

Modified: head/bin/sh/tests/execution/Makefile
==============================================================================
--- head/bin/sh/tests/execution/Makefile	Sat May 16 14:33:08 2020	(r361111)
+++ head/bin/sh/tests/execution/Makefile	Sat May 16 16:29:23 2020	(r361112)
@@ -64,6 +64,7 @@ ${PACKAGE}FILES+=		subshell2.0
 ${PACKAGE}FILES+=		subshell3.0
 ${PACKAGE}FILES+=		subshell4.0
 ${PACKAGE}FILES+=		unknown1.0
+${PACKAGE}FILES+=		unknown2.0
 ${PACKAGE}FILES+=		var-assign1.0
 
 .include <bsd.test.mk>

Added: head/bin/sh/tests/execution/unknown2.0
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/bin/sh/tests/execution/unknown2.0	Sat May 16 16:29:23 2020	(r361112)
@@ -0,0 +1,6 @@
+# $FreeBSD$
+
+{
+	: $(/var/empty/nosuchtool) 
+	: $(:)
+} 2>/dev/null
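Review bot: The test body carries no comment stating what it checks, and the line `: $(/var/empty/nosuchtool) ` ends in a trailing space. Reading it against the log, the first command substitution appears to provoke the error in the vfork() child and `: $(:)` to exercise a later INTOFF; a two-line comment saying so, with a reference to PR 246497, would make the intent recoverable without the commit message. Since stderr is discarded and the only signal is the exit status, the test detects the regression only through the abort that the log attributes to r360452; that dependency deserves a mention in the comment as well.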


