Subject: bin/29410: segfault of /bin/sh (in output buffer?)
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <Peter.Bex@student.kun.nl>
List: netbsd-bugs
Date: 02/16/2005 23:51:00
>Number:         29410
>Category:       bin
>Synopsis:       /bin/sh segfaults under certain circumstances when writing output
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Feb 16 23:51:00 +0000 2005
>Originator:     Peter.Bex@student.kun.nl
>Release:        NetBSD 2.0
>Organization:
>Environment:
	
	
System: NetBSD frohike.nvie.com 2.0 NetBSD 2.0 (FROHIKE) #0: Wed Dec 22 10:00:59 CET 2004 sjamaan@frohike.nvie.com:/usr/src/sys/arch/i386/compile/FROHIKE i386
Architecture: i386
Machine: i386
>Description:
	/bin/sh segfaults in certain strange circumstances.  I have observed this
	while using pkgsrc.

	$ cd /usr/pkgsrc/wip/orion
	$ make patch
	$ su
	<root passwd>
	# touch work/.work.log
	# chmod 644 work/.work.log
	# exit
	$ make print-PLIST

	This briefly shows that a program segfaults, but it still continues.

	Pinning it down, it appears to happen in work/.wrapper/bin/cc, in the
	following context:

	case $append_extra_args in
	yes)
		$debug_log $wrapperlog "    (wrapper.sh) append args: "
		set -- "$@"
		;;
	*)
		;;
	esac

	The bug occurs during debug_log, it appears.  The $wrapperlog contains
	the string "/usr/pkgsrc/wip/orion/work/.work.log".

	Tracing the bug, it appears that somewhere in the error.c/output.c
	functionality of /bin/sh there is a bug (quite probably a buffer overrun,
	making this a slightly more serious situation).

>How-To-Repeat:
	See above
>Fix:
	N/A :(

>Unformatted: