From d3eae2a68ebac3d69e049ba2fed3609433d8cb12 Mon Sep 17 00:00:00 2001
From: Jilles Tjoelker <jilles@FreeBSD.org>
Date: Wed, 1 Jan 2020 12:06:37 +0000
Subject: [PATCH] sh: Fix rare memory leak with SIGINT

If getcwd() failed earlier on but later succeeded in the pwd builtin,
there was no INTOFF protection between calling savestr() and storing its
result.

It is quite rare for getcwd() to fail, and rarer for it to succeed later in
the same directory.

Found via code inspection for changing ckmalloc() and similar to assert
INTOFF protection instead of applying it directly (which protects against
corrupting malloc's internal state but allows memory leaks or double frees).

MFC after:	1 week
---
 bin/sh/cd.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/bin/sh/cd.c b/bin/sh/cd.c
index 355e204fe148..66eee00b2c24 100644
--- a/bin/sh/cd.c
+++ b/bin/sh/cd.c
@@ -376,8 +376,11 @@ getpwd(void)
 		return curdir;
 
 	p = getpwd2();
-	if (p != NULL)
+	if (p != NULL) {
+		INTOFF;
 		curdir = savestr(p);
+		INTON;
+	}
 
 	return curdir;
 }