Subject: bin/7502: /bin/sh dumps core on a given script (attached)
To: None <gnats-bugs@gnats.netbsd.org>
From: None <Havard.Eidnes@runit.sintef.no>
List: netbsd-bugs
Date: 04/30/1999 05:50:58
>Number: 7502
>Category: bin
>Synopsis: /bin/sh dumps core on a given script (attached)
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Apr 30 05:50:00 1999
>Last-Modified:
>Originator: Havard Eidnes
>Organization:
RUNIT AS
>Release: NetBSD 1.4 release branch 26 April 1999
>Environment:
System: NetBSD vever.runit.sintef.no 1.4_ALPHA NetBSD 1.4_ALPHA (VEVER) #5: Thu Apr 8 18:00:30 MEST 1999 he@vever.runit.sintef.no:/usr/src/sys/arch/i386/compile/VEVER i386
>Description:
/bin/sh dumps core on the script included below.
>How-To-Repeat:
Unpack sh archive, run script and observe core dump.
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# test3a
#
echo x - test3a
sed 's/^X//' >test3a << 'END-of-test3a'
X#! /bin/sh
X
X# The coredump happens with the last entry of this string
X# It doesn't happen when you shorten the string even when leaving the
X# offending last entry intact.
Xexport QUERY_STRING='First_Name=Mikhail&Last_Name=Teterin&Phone=617-332-0552&Fax=&Email=mi%40aldan.algebra.com&Company=%26ls&Division=&Title=&Company_Size=less+than+25&Address=&City=&State=&Postal_Code=&Country=&Reference=Softimage+Website&Intended_Use=&Number_Users=single&Programming=Yes&B2=Submit&QQQLINKQQQ=./dura'
X
X# somewhere before memalloc.c, line 190, variable stackp is set to NULL
X# definitivly a timing problem.
X
Xfor pair in `echo ${QUERY_STRING} | sed 's/&/ /g'` ; do
X _TY_FILE=${pair#QQQLINKQQQ=}
X if [ $_TY_FILE != $pair ]
X then
X# If you activate the following echo's, it will work in my machine
X# Looks like a timing problem...
X# echo check 1 1>&1
X _TY_FILE2=${DOCUMENT_ROOT}${_TY_FILE}
X# echo check 2 1>&1
X
X# The following works when used without the next
X test -f '/e' || echo bla 1>&2
X# This one doesn't
X# test -f '/e' \
X# || echo bla 1>&2
X break
X fi
Xdone
END-of-test3a
exit
>Fix:
This fix is taken from FreeBSD's expand.c revision 1.26
by Tor Egge. Identifying marks only included for information
wrt. what I actually diffed, i.e. a modified 1.45.2.1 vs 1.46.
--- expand.c Wed Apr 7 20:04:36 1999
+++ /usr/src/bin/sh/expand.c Fri Apr 30 14:34:44 1999
@@ -1,6 +1,6 @@
-/* $NetBSD: expand.c,v 1.46 1999/04/06 21:05:27 he Exp $ */
+/* $NetBSD: expand.c,v 1.45.2.1 1999/04/07 17:24:02 he Exp $ */
/*-
* Copyright (c) 1991, 1993
* The Regents of the University of California. All rights reserved.
*
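Review bot: The $NetBSD$ ident line in this hunk should not be committed: it goes from 1.46 to 1.45.2.1, so it only reflects that the diff runs from revision 1.46 to the modified 1.45.2.1 copy. The report itself says the identifying marks are included for information only; the same applies to the __RCSID line in the next hunk.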
@@ -39,11 +39,11 @@
#include <sys/cdefs.h>
#ifndef lint
#if 0
static char sccsid[] = "@(#)expand.c 8.5 (Berkeley) 5/15/95";
#else
-__RCSID("$NetBSD: expand.c,v 1.46 1999/04/06 21:05:27 he Exp $");
+__RCSID("$NetBSD: expand.c,v 1.45.2.1 1999/04/07 17:24:02 he Exp $");
#endif
#endif /* not lint */
#include <sys/types.h>
#include <sys/time.h>
@@ -620,11 +620,11 @@
{
int subtype;
int varflags;
char *var;
char *val;
- char *pat;
+ int patloc;
int c;
int set;
int special;
int startloc;
int varlen;
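Review bot: The new `int patloc;` declaration lacks a comment saying that it holds an offset into the stack block rather than a pointer, which is the whole point of replacing `char *pat;`. It is assigned from `expdest - stackblock()` in the next hunk, a pointer difference narrowed to `int`; that matches the `int startloc;` already in this declaration list, so the type is consistent with the surrounding code, but the intent should be stated where the variable is declared.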
@@ -718,14 +718,14 @@
/*
* Terminate the string and start recording the pattern
* right after it
*/
STPUTC('\0', expdest);
- pat = expdest;
- if (subevalvar(p, NULL, expdest - stackblock(), subtype,
+ patloc = expdest - stackblock();
+ if (subevalvar(p, NULL, patloc, subtype,
startloc, varflags) == 0) {
- int amount = (expdest - pat) + 1;
+ int amount = (expdest - stackblock() - patloc) + 1;
STADJUST(-amount, expdest);
}
/* Remove any recorded regions beyond start of variable */
removerecordregions(startloc);
goto record;
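Review bot: Nothing at the `patloc = expdest - stackblock();` line says why the saved pointer `pat` is replaced by an offset, and that should be documented in a comment. The rewritten `amount` expression recomputes the position from `stackblock()` after `subevalvar()` returns, which only makes a difference if the block base can have changed by then; a comment stating that pointers into the stack block must not be held across the `subevalvar()` call would keep a later cleanup from reintroducing `pat`. The commit message should also credit FreeBSD expand.c revision 1.26, as the report does.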
>Audit-Trail:
>Unformatted: