sh: Fix crash due to uninitialized here-document.

If an ; or & token was followed by an EOF token, pending here-documents were
left uninitialized. Execution would crash, either in the main shell process
for literal here-documents or in a child process for expanded
here-documents. In the latter case the problem is hard to detect apart from
the core dumps and log messages.

Side effect: slightly different retries on inputs where EOF is not
persistent.

Note that tools/regression/bin/sh/parser/heredoc6.0 still causes a similar
crash in a child process. The text passed to eval is malformed and should be
rejected.
Jilles Tjoelker 2010-07-25 22:25:52 +00:00
parent 19b7052d55
commit 6c0c240366
2 changed files with 22 additions and 0 deletions

@ -269,6 +269,9 @@ list(int nlflag)
parseheredoc();
if (nlflag)
return n1;
} else if (tok == TEOF && nlflag) {
parseheredoc();
return n1;
} else {
tokpushback++;
}
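
Review bot: The added `} else if (tok == TEOF && nlflag) {` branch returns n1 without `tokpushback++`, unlike the `else` branch right after it, so the TEOF token is consumed here; a one-line comment saying this is intentional (the commit message mentions different retries when EOF is not persistent) would save the next reader from treating it as an oversight. The branch is also limited to `nlflag` being set: when `nlflag` is clear, a TEOF still falls through to the `else` and is pushed back without `parseheredoc()` being called, so please note in a comment where pending here-documents are initialized on that path, or state that it is a known remaining gap.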

@ -0,0 +1,19 @@
# $FreeBSD$
# Some of these created malformed parse trees with null pointers for here
# documents, causing the here document writing process to segfault.
eval ': <<EOF'
eval ': <<EOF;'
eval '`: <<EOF`'
eval '`: <<EOF;`'
eval '`: <<EOF`;'
eval '`: <<EOF;`;'
# Some of these created malformed parse trees with null pointers for here
# documents, causing sh to segfault.
eval ': <<\EOF'
eval ': <<\EOF;'
eval '`: <<\EOF`'
eval '`: <<\EOF;`'
eval '`: <<\EOF`;'
eval '`: <<\EOF;`;'
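
Review bot: Every case in this new test ends the here-document command with `;` or with nothing, but the commit message says the crash happened after "an ; or & token", and no line exercises `&`. Adding the `&` counterparts, for example `eval ': <<EOF&'` and `eval ': <<\EOF&'`, would cover the other half of the fix. Both comment blocks also say "Some of these" without saying which lines crashed before the change; naming them would make a future regression easier to read from the test alone.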