Hi!

----

I did a test build with ast-ksh.2012-05-04 with $ (CCFLAGS='-g'
CC='gcc -std=gnu99 -D_AST_std_malloc=1 -DSHOPT_SYSRC -D_map_libc=1 -g'
./bin/package make) # (yes, yes CC/CCFLAGS abuse) to have a quick way
to let "valgrind" chew on ksh.
The first test of the resulting binary triggered a valgrind it for a
simple $ ksh -c 'cd /tmp' #:
-- snip --
$ valgrind ./arch/linux.i386-64/bin/ksh -c 'cd /tmp'
[snip]
==16737== Invalid read of size 1
==16737==    at 0x4481CA: nv_putval (name.c:1852)
==16737==    by 0x47CE0C: b_cd (cd_pwd.c:215)
==16737==    by 0x468E0F: sh_exec (xec.c:1367)
==16737==    by 0x408675: exfile (main.c:599)
==16737==    by 0x407ACB: sh_main (main.c:373)
==16737==    by 0x406E28: main (pmain.c:45)
==16737==  Address 0x566ecf0 is 0 bytes inside a block of size 66 free'd
==16737==    at 0x4C2892E: free (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==16737==    by 0x50441B: _ast_free (malloc.c:1036)
==16737==    by 0x47CDA3: b_cd (cd_pwd.c:210)
==16737==    by 0x468E0F: sh_exec (xec.c:1367)
==16737==    by 0x408675: exfile (main.c:599)
==16737==    by 0x407ACB: sh_main (main.c:373)
==16737==    by 0x406E28: main (pmain.c:45)
[snip]
-- snip --

Looking at the lines 209-215:
-- snip --
209     if(oldpwd)
210             free(oldpwd);
211     flag = strlen(dir);
212     /* delete trailing '/' */
213     while(--flag>0 && dir[flag]=='/')
214             dir[flag] = 0;
215     nv_putval(pwdnod,dir,NV_RDONLY);
-- snip --
It's early in the morning with ENOCOFFEE: Is it possible that there
are cases where |oldpwd| and |dir| are identical ?

AFAIK this patch should fix it (yes, yes, the |free()| could've been
placed after the |nv_putval(pwdnod,dir,NV_RDONLY)| but I've opted to
place it after all accesses to modify the shell variables):
-- snip --
--- src/cmd/ksh93/bltins/cd_pwd.c  2012-04-27 16:53:03.000000000 +0200
+++ src/cmd/ksh93/bltins/cd_pwd.c       2012-05-08 08:04:46.815518557 +0200
@@ -206,8 +206,6 @@
        if(*dir != '/')
                return(0);
        nv_putval(opwdnod,oldpwd,NV_RDONLY);
-       if(oldpwd)
-               free(oldpwd);
        flag = strlen(dir);
        /* delete trailing '/' */
        while(--flag>0 && dir[flag]=='/')
@@ -218,6 +216,8 @@
        nv_scan(shp->track_tree,rehash,(void*)0,NV_TAGGED,NV_TAGGED);
        path_newdir(shp,shp->pathlist);
        path_newdir(shp,shp->cdpathlist);
+       if(oldpwd)
+               free(oldpwd);
        return(0);
 }
-- snip --

----

Bye,
Roland

-- 
  __ .  . __
 (o.\ \/ /.o) [email protected]
  \__\/\/__/  MPEG specialist, C&&JAVA&&Sun&&Unix programmer
  /O /==\ O\  TEL +49 641 3992797
 (;O/ \/ \O;)

_______________________________________________
ast-developers mailing list
[email protected]
https://mailman.research.att.com/mailman/listinfo/ast-developers

Reply via email to