Hi!

----

Attached (as "shbfc_compiled_demo1_short_int_wrong_index.sh.gz") is a compressed (broken) demo script (created via the "brainfuck2shell" (see http://en.wikipedia.org/wiki/Brainfuck) compiler demo script - see http://svn.nrubsig.org/svn/people/gisburn/scripts/shbfc.sh and then filtered via
$ ~/bin/ksh shbfc.sh '#demo1' | sed 's/integer -u/typeset -s -i/g' #
to force the use of short integers) which triggers a crash in ast-ksh.2013-07-27 on SuSE 12.3/AMD64.

The stack trace looks like this:
-- snip --
Program received signal SIGSEGV, Segmentation fault.
0x000000000044426f in nv_putval (np=0x7ffff7f2ce80, string=0x7fffffffc390 "", flags=26)
    at /home/test001/work/ast_ksh_20130727/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/name.c:1837
1837            *(up->sp) = s+(int16_t)l;
(gdb) where
#0  0x000000000044426f in nv_putval (np=0x7ffff7f2ce80, string=0x7fffffffc390 "", flags=26)
    at /home/test001/work/ast_ksh_20130727/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/name.c:1837
#1  0x000000000049e776 in arith (ptr=0x7fffffffc458, lvalue=0x7fffffffc410, type=1, n=12)
    at /home/test001/work/ast_ksh_20130727/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/arith.c:238
#2  0x000000000045cc53 in arith_exec (ep=0x7ffff7f437c0)
    at /home/test001/work/ast_ksh_20130727/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/streval.c:307
#3  0x000000000046cdd8 in sh_exec (shp=0x803260 <sh>, t=0x7ffff7f42e70, flags=516)
    at /home/test001/work/ast_ksh_20130727/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/xec.c:2530
#4  0x000000000046c9c3 in sh_exec (shp=0x803260 <sh>, t=0x7ffff7f42cb0, flags=4)
    at /home/test001/work/ast_ksh_20130727/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/xec.c:2471
#5  0x000000000046ba87 in sh_exec (shp=0x803260 <sh>, t=0x7ffff70bf5d0, flags=6)
    at /home/test001/work/ast_ksh_20130727/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/xec.c:2223
#6  0x0000000000471841 in sh_funscope_20120720 (shp=0x803260 <sh>, argn=1, argv=0x7ffff7f1cba8, fun=0x0, arg=0x7fffffffd900, execflg=4)
    at /home/test001/work/ast_ksh_20130727/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/xec.c:4040
#7  0x000000000046fa28 in sh_funct (shp=0x803260 <sh>, np=0x7ffff7f2cf40, argn=1, argv=0x7ffff7f1cba8, envlist=0x0, execflg=4)
    at /home/test001/work/ast_ksh_20130727/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/xec.c:3376
#8  0x0000000000469505 in sh_exec (shp=0x803260 <sh>, t=0x7ffff7f1cb40, flags=4)
    at /home/test001/work/ast_ksh_20130727/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/xec.c:1559
#9  0x000000000040f472 in exfile (shp=0x803260 <sh>, iop=0x7ffff7ee0df0, fno=11)
    at /home/test001/work/ast_ksh_20130727/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/main.c:603
#10 0x000000000040e6bd in sh_main (ac=2, av=0x7fffffffe258, userinit=0x0)
    at /home/test001/work/ast_ksh_20130727/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/main.c:375
#11 0x000000000040d891 in main (argc=2, argv=0x7fffffffe258)
    at /home/test001/work/ast_ksh_20130727/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/pmain.c:45
(gdb) print up
$1 = (union Value *) 0x7ffff7f2cea8
(gdb) print *up->sp
Cannot access memory at address 0xd
-- snip --

Note that the script shouldn't work (because (( p=2**17 )) overflows a |int16_t| as declared via
$ typeset -s -i p #
but it should not crash the shell either... ;-/

----

Bye,
Roland

--
  __ .  . __
 (o.\ \/ /.o) [email protected]
  \__\/\/__/  MPEG specialist, C&&JAVA&&Sun&&Unix programmer
  /O /==\ O\  TEL +49 641 3992797
 (;O/ \/ \O;)

shbfc_compiled_demo1_short_int_wrong_index.sh.gz
Description: GNU Zip compressed data
_______________________________________________ ast-developers mailing list [email protected] http://lists.research.att.com/mailman/listinfo/ast-developers
