Date: Sat, 16 May 2020 16:30:10 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 246497] /bin/sh crashes since r360452 in emulators/xsystem35, misc/gpsim, x11-themes/clearlooks
Message-ID: <bug-246497-227-jmJnmy5De9@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-246497-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-246497-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246497

--- Comment #3 from commit-hook@freebsd.org ---
A commit references this bug:

Author: jilles
Date: Sat May 16 16:29:24 UTC 2020
New revision: 361112
URL: https://svnweb.freebsd.org/changeset/base/361112

Log:
  sh: Fix double INTON with vfork

  The shell maintains a count of the number of times SIGINT processing has
  been disabled via INTOFF, so SIGINT processing resumes when all disables
  have enabled again (INTON).

  If an error occurs in a vfork() child, the processing of the error enables
  SIGINT processing again, and the INTON in vforkexecshell() causes the count
  to become negative. As a result, a later INTOFF may not actually disable
  SIGINT processing. This might cause memory corruption if a SIGINT arrives
  at an inopportune time. As of r360452, it causes the shell to abort when it
  would unsafely allocate or free memory in certain ways.

  Note that various places such as errors in non-special builtins
  unconditionally reset the count to 0, so the problem might still not always
  be visible.

  PR: 246497
  Reported by: jbeich
  MFC after: 2 weeks

Changes:
  head/bin/sh/jobs.c
  head/bin/sh/tests/execution/Makefile
  head/bin/sh/tests/execution/unknown2.0

--
You are receiving this mail because:
You are on the CC list for the bug.
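The counter underflow described in the commit log above, as an added example that is not part of the original mail and is not the FreeBSD sh source. It is a simplified model: all names (int_off, int_on, exec_step and so on) are hypothetical, and the error path is modelled as resetting the count to 0.

```c
#include <stdio.h>

static int suppress;   /* outstanding disables; > 0 means SIGINT is deferred */
static int pending;    /* a SIGINT arrived while deferred */
static int unsafe;     /* a SIGINT was handled while a critical section was open */
static int critical;   /* 1 while inside a section that must not be interrupted */

static void int_off(void) { suppress++; }
static void int_on(void) {
    if (--suppress == 0 && pending) pending = 0;   /* run the deferred handler */
}
static void sigint_arrives(void) {
    if (suppress > 0) pending = 1;      /* deferred until the matching int_on */
    else if (critical) unsafe = 1;      /* handled at once, mid-section */
}

/* One exec step. On a child error, error handling re-enables SIGINT
 * (assumption: modelled as count = 0), then the caller's int_on still runs. */
static void exec_step(int child_error) {
    int_off();
    if (child_error) suppress = 0;
    int_on();
}

/* Counter after the step: 0 when balanced, -1 after the double enable. */
int count_after_step(int child_error) {
    suppress = pending = unsafe = critical = 0;
    exec_step(child_error);
    return suppress;
}

/* Returns 1 if a SIGINT arriving inside a later int_off/int_on section
 * is handled immediately instead of being deferred. */
int later_section_interrupted(int child_error) {
    count_after_step(child_error);
    int_off();                 /* from -1 this only reaches 0 */
    critical = 1;
    sigint_arrives();
    critical = 0;
    int_on();
    return unsafe;
}

int main(void) {
    printf("no error: count=%d interrupted=%d\n", count_after_step(0), later_section_interrupted(0));
    printf("error:    count=%d interrupted=%d\n", count_after_step(1), later_section_interrupted(1));
    return 0;
}
```

A negative count is the invariant violation to check for: any code path that can leave the counter below zero silently turns the next disable into a no-op.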
