Subject: /bin/sh crashing
To: None <current-users@netbsd.org>
From: Jukka Salmi <j+nbsd@2007.salmi.ch>
List: current-users
Date: 05/23/2007 15:45:53

Hi,

the attached shell script crashes /bin/sh on NetBSD with a segfault,
at least with -current and 3.1_STABLE. However, if the script is
slightly modified - e.g. if the useless `if test 1' condition on line
5 or the also useless `true;' on line 9 is removed - then running it
doesn't crash the shell. And, BTW, it doesn't crash ksh or bash...

$ /tmp/sh -x test.sh # /tmp/sh is a /bin/sh compiled with -g
+ CACHE=/tmp/cache
+ UPTODATE=1
+ IFS=:
+ test 1
+ true
+ unset UPTODATE
+ break
+ test !
Segmentation fault (core dumped)

$ gdb /tmp/sh sh.core
GNU gdb 6.5
[...]
Core was generated by `sh'.
Program terminated with signal 11, Segmentation fault.
#0  findop (s=0x656d6167 <Address 0x656d6167 out of bounds>) at /usr/src/bin/test/test.c:427
427		if (s[0] == '-') {
(gdb) bt
#0  findop (s=0x656d6167 <Address 0x656d6167 out of bounds>) at /usr/src/bin/test/test.c:427
#1  0x0805b3ee in t_lex (s=0x656d6167 <Address 0x656d6167 out of bounds>) at /usr/src/bin/test/test.c:459
#2  0x0805ba82 in aexpr (n=<value optimized out>) at /usr/src/bin/test/test.c:255
#3  0x0805bacc in oexpr (n=1701667175) at /usr/src/bin/test/test.c:242
#4  0x0805bb62 in testcmd (argc=2, argv=0x8067274) at /usr/src/bin/test/test.c:219
#5  0x0804c594 in evalcommand (cmd=0x8063e6c, flgs=2, backcmd=0x0) at /home/jukka/temp2/sh/eval.c:1004
#6  0x0804ba6c in evaltree (n=0x8063e6c, flags=2) at /home/jukka/temp2/sh/eval.c:294
#7  0x0804bafd in evaltree (n=0x8063e0c, flags=0) at /home/jukka/temp2/sh/eval.c:261
#8  0x08054b0c in cmdloop (top=1) at /home/jukka/temp2/sh/main.c:266
#9  0x08054e24 in main (argc=3, argv=0xbfbfeb2c) at /home/jukka/temp2/sh/main.c:217
(gdb) quit

I'm not familiar enough with the test(1) code to see the correct fix
for this bug. Help is appreciated!


TIA, Jukka

-- 
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~

Attachment: test.sh

CACHE=/tmp/cache
UPTODATE=1
IFS=:

if test 1
then
	for dir in $PATH
	do
		true; { unset UPTODATE; break; }
	done
fi

if test ! $UPTODATE
then
	for dir in $PATH
	do
		for file in "$dir"/*
		do
			test -x "$file" && echo "${file##*/}"
		done
	done > $CACHE
fi
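
Added example, not part of the original message or of NetBSD's code: a triage pass over the gdb backtrace quoted in the message that flags frame arguments whose value decodes to printable ASCII, a common sign that string bytes were read where a pointer or token was expected. It assumes 32-bit little-endian values (the addresses in the trace are 32-bit; the byte order is an assumption), and the names `as_ascii` and `suspicious_args` are hypothetical.

```python
import re

# Constructed sample input: frames 0-4 copied from the backtrace in the message.
BACKTRACE = """\
#0  findop (s=0x656d6167 <Address 0x656d6167 out of bounds>) at /usr/src/bin/test/test.c:427
#1  0x0805b3ee in t_lex (s=0x656d6167 <Address 0x656d6167 out of bounds>) at /usr/src/bin/test/test.c:459
#2  0x0805ba82 in aexpr (n=<value optimized out>) at /usr/src/bin/test/test.c:255
#3  0x0805bacc in oexpr (n=1701667175) at /usr/src/bin/test/test.c:242
#4  0x0805bb62 in testcmd (argc=2, argv=0x8067274) at /usr/src/bin/test/test.c:219
"""

# "#N  [0xADDR in ]func (args) at file:line"
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*)\) at ", re.M)
# name=value pairs where the value is a hex or decimal integer
ARG = re.compile(r"(\w+)=(0x[0-9a-fA-F]+|\d+)\b")


def as_ascii(value, width=4):
    """Return value's little-endian bytes as text if all are printable ASCII, else None."""
    if value >= 1 << (8 * width):
        return None
    raw = value.to_bytes(width, "little")  # assumption: little-endian target
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def suspicious_args(backtrace):
    """Return (frame, function, arg, value, text) for integer args that look like ASCII."""
    hits = []
    for frame, func, args in FRAME.findall(backtrace):
        for name, literal in ARG.findall(args):
            value = int(literal, 0)  # base 0 accepts both 0x... and decimal
            text = as_ascii(value)
            if text is not None:
                hits.append((int(frame), func, name, value, text))
    return hits


if __name__ == "__main__":
    for frame, func, name, value, text in suspicious_args(BACKTRACE):
        print(f"frame #{frame} {func}: {name}={value:#010x} decodes to {text!r}")
```

The same value appears in three frames, twice as a hex pointer and once as the decimal `n` in `oexpr`; ordinary pointers such as `argv=0x8067274` are not flagged because they contain non-printable bytes.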