From owner-freebsd-current@FreeBSD.ORG Sun Jul 13 23:24:40 2008 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 554DF106567B; Sun, 13 Jul 2008 23:24:40 +0000 (UTC) (envelope-from simon@zaphod.nitro.dk) Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38]) by mx1.freebsd.org (Postfix) with ESMTP id 0BA3C8FC14; Sun, 13 Jul 2008 23:24:39 +0000 (UTC) (envelope-from simon@zaphod.nitro.dk) Received: from zaphod.nitro.dk (unknown [192.168.3.39]) by mx.nitro.dk (Postfix) with ESMTP id A9B6E2DA40E; Sun, 13 Jul 2008 23:06:03 +0000 (UTC) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id D993A114C4; Mon, 14 Jul 2008 01:06:35 +0200 (CEST) Date: Mon, 14 Jul 2008 01:06:35 +0200 From: "Simon L. Nielsen" To: Stefan Farfeleder , freebsd-current@freebsd.org Message-ID: <20080713230635.GC15766@zaphod.nitro.dk> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="VbJkn9YxBvnuCH5J" Content-Disposition: inline User-Agent: Mutt/1.5.16 (2007-06-09) Cc: Subject: [patch] segfault in sh for bogus redirection X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Jul 2008 23:24:40 -0000 --VbJkn9YxBvnuCH5J Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hey Stefan (and other people familiar with the sh(1) code), I stumbled on a corner case bug in sh(1) where it segfaults instead of giving a proper error message. This only happens when you do something stupid, but I thought it should be fixed anyway. When you redirect to an unset or empty variable things fail: $ sh -c 'echo 1 >&$a' Segmentation fault (core dumped) With patch: $ sh -c 'echo 1 >&$a' Syntax error: Bad fd number I have made a patch which fixes the issue (attached) so it fails normally with an error, but I'm not sure if it's the right way of fixing it. Do you think this fix is OK, or is there a better way to do this? I also included a regression test to check for the problem. -- Simon L. Nielsen --VbJkn9YxBvnuCH5J Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="sh-redir-segv-0.patch" Index: bin/sh/parser.c =================================================================== --- bin/sh/parser.c (revision 180502) +++ bin/sh/parser.c (working copy) @@ -620,9 +620,9 @@ if (!err) n->ndup.vname = NULL; - if (is_digit(text[0]) && text[1] == '\0') + if (text != NULL && is_digit(text[0]) && text[1] == '\0') n->ndup.dupfd = digit_val(text[0]); - else if (text[0] == '-' && text[1] == '\0') + else if (text != NULL && text[0] == '-' && text[1] == '\0') n->ndup.dupfd = -1; else { Index: tools/regression/bin/sh/errors/redirection-error.2 =================================================================== --- tools/regression/bin/sh/errors/redirection-error.2 (revision 0) +++ tools/regression/bin/sh/errors/redirection-error.2 (revision 0) @@ -0,0 +1,4 @@ +# $FreeBSD$ + +# sh should fail gracefully on this bad redirect +sh -c 'echo 1 >&$a' 2>/dev/null --VbJkn9YxBvnuCH5J--