sh: Fix crash due to uninitialized here-document.
If an ; or & token was followed by an EOF token, pending here-documents were left uninitialized. Execution would crash, either in the main shell process for literal here-documents or in a child process for expanded here-documents. In the latter case the problem is hard to detect apart from the core dumps and log messages. Side effect: slightly different retries on inputs where EOF is not persistent. Note that tools/regression/bin/sh/parser/heredoc6.0 still causes a similar crash in a child process. The text passed to eval is malformed and should be rejected.
This commit is contained in:
parent
19b7052d55
commit
6c0c240366
@ -269,6 +269,9 @@ list(int nlflag)
|
||||
parseheredoc();
|
||||
if (nlflag)
|
||||
return n1;
|
||||
} else if (tok == TEOF && nlflag) {
|
||||
parseheredoc();
|
||||
return n1;
|
||||
} else {
|
||||
tokpushback++;
|
||||
}
|
||||
|
19
tools/regression/bin/sh/parser/heredoc7.0
Normal file
19
tools/regression/bin/sh/parser/heredoc7.0
Normal file
@ -0,0 +1,19 @@
|
||||
# $FreeBSD$
|
||||
|
||||
# Some of these created malformed parse trees with null pointers for here
|
||||
# documents, causing the here document writing process to segfault.
|
||||
eval ': <<EOF'
|
||||
eval ': <<EOF;'
|
||||
eval '`: <<EOF`'
|
||||
eval '`: <<EOF;`'
|
||||
eval '`: <<EOF`;'
|
||||
eval '`: <<EOF;`;'
|
||||
|
||||
# Some of these created malformed parse trees with null pointers for here
|
||||
# documents, causing sh to segfault.
|
||||
eval ': <<\EOF'
|
||||
eval ': <<\EOF;'
|
||||
eval '`: <<\EOF`'
|
||||
eval '`: <<\EOF;`'
|
||||
eval '`: <<\EOF`;'
|
||||
eval '`: <<\EOF;`;'
|
Loading…
x
Reference in New Issue
Block a user