Date: Thu, 17 Jul 2008 22:38:05 +0200 From: "Simon L. Nielsen" <simon@FreeBSD.org> To: freebsd-current@freebsd.org Subject: Re: [patch] segfault in sh for bogus redirection Message-ID: <20080717203804.GC1437@zaphod.nitro.dk> In-Reply-To: <20080715202852.GB1366@lizard.fafoe.narf.at> References: <20080713230635.GC15766@zaphod.nitro.dk> <20080715202852.GB1366@lizard.fafoe.narf.at>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2008.07.15 22:28:52 +0200, Stefan Farfeleder wrote: > On Mon, Jul 14, 2008 at 01:06:35AM +0200, Simon L. Nielsen wrote: > > Hey Stefan (and other people familiar with the sh(1) code), > > > > I stumbled on a corner case bug in sh(1) where it segfaults instead of > > giving a proper error message. This only happens when you do > > something stupid, but I thought it should be fixed anyway. > > > > When you redirect to an unset or empty variable things fail: > > > > $ sh -c 'echo 1 >&$a' > > Segmentation fault (core dumped) [...] > I don't think your patch is correct. The value of 'fn.list->text' is > not properly initialised in eval.c:441 and only NULL by chance. Try Ah, ok. I tried to follow the code some, but it wasn't really obvious to me what was going on :-). > this patch instead. I still need to test it properly though. Yes, your patch also makes sh fail gracefully. -- Simon L. Nielsen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080717203804.GC1437>