Paulo César Pereira de Andrade
2017-03-23 14:30:12 UTC
Hi,
I have a ksh crash coredump that I suspect might have been caused
by recursive eval, but at the crash moment, memory is way too corrupted
to be certain.
The issue is:
    sh_eval(Sfio_t *iop, ...)
    ...
        static Sfio_t *io_save;
    ...
        io_save = iop; /* preserve correct value across longjmp */
    ...
        jmpval = sigsetjmp(buffp->buff,0);
        while(jmpval==0)
    ...
            if(!(mode&SH_FUNEVAL) || !sfreserve(iop,0,0))
            {
                if(!(mode&SH_READEVAL))
                    sfclose(iop);
                io_save = 0;
    ...
        if(io_save)
            sfclose(io_save);
    ....
I do not have a reproducer for the crash, but I have a feeling
that under special conditions, with nested evals, it might call
sfclose(io_save) multiple times, or leak if io_save is set to
zero in a nested eval.
Thanks,
Paulo
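
The hazard described in the message above, as an added model that is not ksh code and not part of the original post: stream_t, job_t, eval_static, eval_local and run are hypothetical names, the `fails` flag stands in for the longjmp path, and the final cleanup is assumed not to reset io_save because the excerpt does not show a reset.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed stand-in for an Sfio_t stream: counts closes instead of freeing. */
typedef struct stream { int closes; } stream_t;
static void stream_close(stream_t *s) { s->closes++; }
/* One eval invocation; `fails` models leaving the loop early (the longjmp path). */
typedef struct job { stream_t *io; int fails; struct job *nested; } job_t;

/* Shape from the post: one function-static slot shared by every nesting level. */
static void eval_static(job_t *j)
{
    static stream_t *io_save;
    io_save = j->io;
    if (j->nested)
        eval_static(j->nested);   /* nested call overwrites io_save */
    if (!j->fails) {
        stream_close(j->io);      /* normal completion */
        io_save = NULL;
    }
    if (io_save)
        stream_close(io_save);    /* may be another level's stream, or NULL */
}

/* Per-invocation slot; volatile is what keeps a local defined across longjmp. */
static void eval_local(job_t *j)
{
    stream_t *volatile io_save = j->io;
    if (j->nested)
        eval_local(j->nested);
    if (!j->fails) {
        stream_close(j->io);
        io_save = NULL;
    }
    if (io_save)
        stream_close(io_save);
}

/* Runs an outer job with one nested job; returns outer closes * 10 + inner closes. */
static int run(void (*fn)(job_t *), int outer_fails, int inner_fails)
{
    stream_t outer = {0}, inner = {0};
    job_t in = { &inner, inner_fails, NULL };
    job_t out = { &outer, outer_fails, &in };
    fn(&out);
    return outer.closes * 10 + inner.closes;
}
int main(void)
{
    printf("static %02d, local %02d\n", run(eval_static, 1, 1), run(eval_local, 1, 1));
    return 0;
}
```

A result of 11 means each stream was closed exactly once; in this model the static version gives 02 when both levels fail (inner closed twice, outer never) and 01 when only the outer level fails (outer leaked).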