From owner-svn-src-all@freebsd.org Sat May 16 16:29:24 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 483B32F68E9; Sat, 16 May 2020 16:29:24 +0000 (UTC) (envelope-from jilles@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49PW2D19T4z3DCs; Sat, 16 May 2020 16:29:24 +0000 (UTC) (envelope-from jilles@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 0AC9A18B38; Sat, 16 May 2020 16:29:24 +0000 (UTC) (envelope-from jilles@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04GGTNME029037; Sat, 16 May 2020 16:29:23 GMT (envelope-from jilles@FreeBSD.org) Received: (from jilles@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04GGTN3r029034; Sat, 16 May 2020 16:29:23 GMT (envelope-from jilles@FreeBSD.org) Message-Id: <202005161629.04GGTN3r029034@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jilles set sender to jilles@FreeBSD.org using -f From: Jilles Tjoelker Date: Sat, 16 May 2020 16:29:23 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r361112 - in head/bin/sh: . tests/execution X-SVN-Group: head X-SVN-Commit-Author: jilles X-SVN-Commit-Paths: in head/bin/sh: . tests/execution X-SVN-Commit-Revision: 361112 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 May 2020 16:29:24 -0000 Author: jilles Date: Sat May 16 16:29:23 2020 New Revision: 361112 URL: https://svnweb.freebsd.org/changeset/base/361112 Log: sh: Fix double INTON with vfork The shell maintains a count of the number of times SIGINT processing has been disabled via INTOFF, so SIGINT processing resumes when all disables have enabled again (INTON). If an error occurs in a vfork() child, the processing of the error enables SIGINT processing again, and the INTON in vforkexecshell() causes the count to become negative. As a result, a later INTOFF may not actually disable SIGINT processing. This might cause memory corruption if a SIGINT arrives at an inopportune time. As of r360452, it causes the shell to abort when it would unsafely allocate or free memory in certain ways. Note that various places such as errors in non-special builtins unconditionally reset the count to 0, so the problem might still not always be visible. PR: 246497 Reported by: jbeich MFC after: 2 weeks Added: head/bin/sh/tests/execution/unknown2.0 (contents, props changed) Modified: head/bin/sh/jobs.c head/bin/sh/tests/execution/Makefile Modified: head/bin/sh/jobs.c ============================================================================== --- head/bin/sh/jobs.c Sat May 16 14:33:08 2020 (r361111) +++ head/bin/sh/jobs.c Sat May 16 16:29:23 2020 (r361112) @@ -1008,9 +1008,11 @@ vforkexecshell(struct job *jp, char **argv, char **env pid_t pid; struct jmploc jmploc; struct jmploc *savehandler; + int inton; TRACE(("vforkexecshell(%%%td, %s, %p) called\n", jp - jobtab, argv[0], (void *)pip)); + inton = is_int_on(); INTOFF; flushall(); savehandler = handler; @@ -1045,7 +1047,7 @@ vforkexecshell(struct job *jp, char **argv, char **env setcurjob(jp); #endif } - INTON; + SETINTON(inton); TRACE(("In parent shell: child = %d\n", (int)pid)); return pid; } Modified: head/bin/sh/tests/execution/Makefile ============================================================================== --- head/bin/sh/tests/execution/Makefile Sat May 16 14:33:08 2020 (r361111) +++ head/bin/sh/tests/execution/Makefile Sat May 16 16:29:23 2020 (r361112) @@ -64,6 +64,7 @@ ${PACKAGE}FILES+= subshell2.0 ${PACKAGE}FILES+= subshell3.0 ${PACKAGE}FILES+= subshell4.0 ${PACKAGE}FILES+= unknown1.0 +${PACKAGE}FILES+= unknown2.0 ${PACKAGE}FILES+= var-assign1.0 .include Added: head/bin/sh/tests/execution/unknown2.0 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/bin/sh/tests/execution/unknown2.0 Sat May 16 16:29:23 2020 (r361112) @@ -0,0 +1,6 @@ +# $FreeBSD$ + +{ + : $(/var/empty/nosuchtool) + : $(:) +} 2>/dev/null