From owner-freebsd-current@FreeBSD.ORG  Thu Jul 17 20:38:13 2008
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 93116106566B
	for <freebsd-current@freebsd.org>; Thu, 17 Jul 2008 20:38:13 +0000 (UTC)
	(envelope-from simon@zaphod.nitro.dk)
Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38])
	by mx1.freebsd.org (Postfix) with ESMTP id 2A5558FC17
	for <freebsd-current@freebsd.org>; Thu, 17 Jul 2008 20:38:07 +0000 (UTC)
	(envelope-from simon@zaphod.nitro.dk)
Received: from zaphod.nitro.dk (unknown [192.168.3.39])
	by mx.nitro.dk (Postfix) with ESMTP id AAEF32DC08C
	for <freebsd-current@freebsd.org>; Thu, 17 Jul 2008 20:37:32 +0000 (UTC)
Received: by zaphod.nitro.dk (Postfix, from userid 3000)
	id B7EB111EB9; Thu, 17 Jul 2008 22:38:05 +0200 (CEST)
Date: Thu, 17 Jul 2008 22:38:05 +0200
From: "Simon L. Nielsen" <simon@FreeBSD.org>
To: freebsd-current@freebsd.org
Message-ID: <20080717203804.GC1437@zaphod.nitro.dk>
References: <20080713230635.GC15766@zaphod.nitro.dk>
	<20080715202852.GB1366@lizard.fafoe.narf.at>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20080715202852.GB1366@lizard.fafoe.narf.at>
User-Agent: Mutt/1.5.16 (2007-06-09)
Subject: Re: [patch] segfault in sh for bogus redirection
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Jul 2008 20:38:13 -0000

On 2008.07.15 22:28:52 +0200, Stefan Farfeleder wrote:
> On Mon, Jul 14, 2008 at 01:06:35AM +0200, Simon L. Nielsen wrote:
> > Hey Stefan (and other people familiar with the sh(1) code),
> > 
> > I stumbled on a corner case bug in sh(1) where it segfaults instead of
> > giving a proper error message.  This only happens when you do
> > something stupid, but I thought it should be fixed anyway.
> > 
> > When you redirect to an unset or empty variable things fail:
> > 
> >      $ sh -c 'echo 1 >&$a'
> >      Segmentation fault (core dumped)
[...]
> I don't think your patch is correct.  The value of 'fn.list->text' is
> not properly initialised in eval.c:441 and only NULL by chance.  Try

Ah, ok.  I tried to follow the code some, but it wasn't really obvious
to me what was going on :-).

> this patch instead.  I still need to test it properly though.

Yes, your patch also makes sh fail gracefully.

-- 
Simon L. Nielsen