Date: Sat, 16 May 2020 16:30:10 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 246497] /bin/sh crashes since r360452 in emulators/xsystem35, misc/gpsim, x11-themes/clearlooks Message-ID: <bug-246497-227-jmJnmy5De9@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-246497-227@https.bugs.freebsd.org/bugzilla/> References: <bug-246497-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D246497 --- Comment #3 from commit-hook@freebsd.org --- A commit references this bug: Author: jilles Date: Sat May 16 16:29:24 UTC 2020 New revision: 361112 URL: https://svnweb.freebsd.org/changeset/base/361112 Log: sh: Fix double INTON with vfork The shell maintains a count of the number of times SIGINT processing has been disabled via INTOFF, so SIGINT processing resumes when all disables have enabled again (INTON). If an error occurs in a vfork() child, the processing of the error enables SIGINT processing again, and the INTON in vforkexecshell() causes the cou= nt to become negative. As a result, a later INTOFF may not actually disable SIGINT processing. T= his might cause memory corruption if a SIGINT arrives at an inopportune time.= As of r360452, it causes the shell to abort when it would unsafely allocate = or free memory in certain ways. Note that various places such as errors in non-special builtins unconditionally reset the count to 0, so the problem might still not alwa= ys be visible. PR: 246497 Reported by: jbeich MFC after: 2 weeks Changes: head/bin/sh/jobs.c head/bin/sh/tests/execution/Makefile head/bin/sh/tests/execution/unknown2.0 --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-246497-227-jmJnmy5De9>