Attached is an initial patch to rebuild using https://github.com/google/sanitizers/wiki/AddressSanitizer
Tested on Fedora 26. Basically, add -fsanitize=address to the CCFLAGS, and run under gdb like this: $ ASAN_OPTIONS=abort_on_error=1 /path/to/ksh This is not a complete patch, but with this one should be able to run scripts and find more issues that might be harder to address properly. This patch is mostly a s/memcmp/strncmp/ with some checks for string length in a few places, and just to be able to start ksh without a fatal error due to address errors. A proper patch should replace all memcmp with strncmp, unless it is proven that it cannot read unbound memory. Thanks, Paulo
diff -up ksh-20120801/src/cmd/ksh93/sh/io.c.orig ksh-20120801/src/cmd/ksh93/sh/io.c
--- ksh-20120801/src/cmd/ksh93/sh/io.c.orig 2017-03-24 12:26:02.247570569 -0300
+++ ksh-20120801/src/cmd/ksh93/sh/io.c 2017-03-24 12:27:18.027760561 -0300
@@ -2703,7 +2703,7 @@ Sfio_t *sh_pathopen(const char *cp)
 int sh_isdevfd(register const char *fd)
 {
- if(!fd || memcmp(fd,"/dev/fd/",8) || fd[8]==0)
+ if(!fd || strncmp(fd,"/dev/fd/",8) || strlen(fd)==8)
 return(0);
 for ( fd=&fd[8] ; *fd != '\0' ; fd++ )
 {
diff -up ksh-20120801/src/cmd/ksh93/sh/nvtree.c.orig ksh-20120801/src/cmd/ksh93/sh/nvtree.c
--- ksh-20120801/src/cmd/ksh93/sh/nvtree.c.orig 2017-03-24 12:47:16.665294813 -0300
+++ ksh-20120801/src/cmd/ksh93/sh/nvtree.c 2017-03-24 12:48:41.610299351 -0300
@@ -188,7 +188,7 @@ void *nv_diropen(Namval_t *np,const char
 {
 char *cp = nv_name(dp->hp);
 c = strlen(cp);
- if(memcmp(name,cp,c) || name[c]!='[')
+ if(strncmp(name,cp,c) || (strlen(name)>c && name[c]!='['))
 dp->hp = (Namval_t*)dtnext(dp->root,dp->hp);
 else
 {
@@ -266,7 +266,7 @@ static Namval_t *nextnode(struct nvdir *
 {
 if(dp->nextnode)
 return((*dp->nextnode)(dp->hp,dp->root,dp->fun));
- if(dp->len && memcmp(dp->data, dp->hp->nvname, dp->len))
+ if(dp->len && strncmp(dp->data, dp->hp->nvname, dp->len))
 return(0);
 return((Namval_t*)dtnext(dp->root,dp->hp));
 }
diff -up ksh-20120801/src/cmd/ksh93/sh/name.c.orig ksh-20120801/src/cmd/ksh93/sh/name.c
--- ksh-20120801/src/cmd/ksh93/sh/name.c.orig 2017-03-24 13:13:32.878150777 -0300
+++ ksh-20120801/src/cmd/ksh93/sh/name.c 2017-03-24 13:17:06.675076991 -0300
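Review bot: `strlen(fd)==8` on the sh_isdevfd line walks the whole string to re-check something the preceding `strncmp` already guarantees: a zero result means `fd[0..7]` matched the eight non-NUL bytes of "/dev/fd/", so `fd[8]` is at worst the terminator and the original `fd[8]==0` test was never an over-read. Only the memcmp-to-strncmp part of this hunk is needed; keeping the index test avoids the extra pass over the string: `if(!fd || strncmp(fd,"/dev/fd/",8) || fd[8]==0)`. The loop that follows continues outside the hunk.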
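Review bot: The new `strlen(name)>c &&` guard on the nv_diropen line changes behaviour when `name` is exactly `cp` with nothing after it: previously `name[c]` was `'\0'`, `!= '['` held and the node was skipped, whereas now the guard short-circuits to false and the else branch (outside this hunk) runs, treating an exact match like a `cp[` prefix. The guard is also unnecessary for safety here, because `c = strlen(cp)` and a zero `strncmp` result mean `name[0..c-1]` are all non-NUL, so `name[c]` is readable. The line should stay `if(strncmp(name,cp,c) || name[c]!='[')`. The subshell.c hunk at `@@ -295` adds the same kind of guard, `strlen(mp->nvname)>len &&`, with the same exact-match change from break to nv_delete; whether it is needed there depends on how `len` relates to `name`, which is outside that hunk, so it should be justified or dropped the same way.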
@@ -222,7 +222,7 @@ Namval_t *nv_addnode(Namval_t* np, int r
 nv_delete(np,root,NV_NOFREE);
 np = nv_search(sp->rp->nvname,root,NV_ADD);
 }
- if(sp->numnodes && memcmp(np->nvname,NV_CLASS,sizeof(NV_CLASS)-1))
+ if(sp->numnodes && strncmp(np->nvname,NV_CLASS,sizeof(NV_CLASS)-1))
 {
 name = (sp->nodes[0])->nvname;
 i = strlen(name);
diff -up ksh-20120801/src/cmd/ksh93/sh/nvtree.c.orig ksh-20120801/src/cmd/ksh93/sh/nvtree.c
--- ksh-20120801/src/cmd/ksh93/sh/nvtree.c.orig 2017-03-24 13:08:04.316909261 -0300
+++ ksh-20120801/src/cmd/ksh93/sh/nvtree.c 2017-03-24 13:08:12.348719602 -0300
@@ -311,7 +311,7 @@ char *nv_dirnext(void *dir)
 dp->hp = (*dp->nextnode)(np,(Dt_t*)0,dp->fun);
 }
 sh.last_table = last_table;
- if(!dp->len || memcmp(cp,dp->data,dp->len)==0)
+ if(!dp->len || strncmp(cp,dp->data,dp->len)==0)
 {
 if((nfp=nextdisc(np)) && (nfp->disc->getval||nfp->disc->getnum) && nv_isvtree(np) && strcmp(cp,dp->data))
 nfp = 0;
diff -up ksh-20120801/src/cmd/ksh93/sh/nvtype.c.orig ksh-20120801/src/cmd/ksh93/sh/nvtype.c
--- ksh-20120801/src/cmd/ksh93/sh/nvtype.c.orig 2017-03-24 13:33:53.695111186 -0300
+++ ksh-20120801/src/cmd/ksh93/sh/nvtype.c 2017-03-24 13:33:59.074983225 -0300
@@ -898,7 +898,7 @@ Namval_t *nv_mktype(Namval_t **nodes, in
 continue;
 }
 nnodes++;
- if(name && memcmp(&name[m],&np->nvname[m],n)==0 && np->nvname[m+n]=='.')
+ if(name && strncmp(&name[m],&np->nvname[m],n)==0 && np->nvname[m+n]=='.')
 offset -= sizeof(char*);
 dsize = nv_datasize(np,&offset);
 if(!nv_isarray(np) && (dp=(Namtype_t*)nv_hasdisc(np, &type_disc)))
diff -up ksh-20120801/src/cmd/ksh93/sh/subshell.c.orig ksh-20120801/src/cmd/ksh93/sh/subshell.c
--- ksh-20120801/src/cmd/ksh93/sh/subshell.c.orig 2017-03-24 13:35:39.224601167 -0300
+++ ksh-20120801/src/cmd/ksh93/sh/subshell.c 2017-03-24 13:36:39.727162114 -0300
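Review bot: Swapping memcmp for strncmp on the nv_mktype line at `@@ -898` does not by itself make the following `np->nvname[m+n]=='.'` index safe: strncmp also returns 0 when both strings end at the same position before `n` bytes have been compared, and in that case `m+n` lies beyond nvname's terminator. Whether that can happen depends on how `n` is derived from `name`, which is outside this hunk; if `n` is the length of the remaining part of `name` the index is in bounds, otherwise the index needs a guard such as `strlen(np->nvname)>m+n` ahead of it. The second nv_mktype hunk at `@@ -1070` has the same shape and the same open question. The enclosing loop starts and ends outside the hunk.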
@@ -295,7 +295,7 @@ Namval_t *sh_assignok(register Namval_t
 {
 walk = root->walk?root->walk:root;
 mpnext = dtnext(root,mp);
- if(memcmp(name,mp->nvname,len) || mp->nvname[len]!='.')
+ if(strncmp(name,mp->nvname,len) || (strlen(mp->nvname)>len && mp->nvname[len]!='.'))
 break;
 nv_delete(mp,walk,NV_NOFREE);
 *((Namval_t**)mp) = lp->child;
diff -up ksh-20120801/src/cmd/ksh93/sh/nvtype.c.orig ksh-20120801/src/cmd/ksh93/sh/nvtype.c
--- ksh-20120801/src/cmd/ksh93/sh/nvtype.c.orig 2017-03-24 16:10:34.022879267 -0300
+++ ksh-20120801/src/cmd/ksh93/sh/nvtype.c 2017-03-24 16:10:40.882713086 -0300
@@ -1070,7 +1070,7 @@ Namval_t *nv_mktype(Namval_t **nodes, in
 np->nvenv = 0;
 }
 nq->nvname = cp;
- if(name && memcmp(name,&np->nvname[m],n)==0 && np->nvname[m+n]=='.')
+ if(name && strncmp(name,&np->nvname[m],n)==0 && np->nvname[m+n]=='.')
 offset -= sizeof(char*);
 dsize = nv_datasize(np,&offset);
 cp = strcopy(name=cp, &np->nvname[m]);
diff -up ksh-20120801/src/cmd/ksh93/sh/name.c.orig ksh-20120801/src/cmd/ksh93/sh/name.c
--- ksh-20120801/src/cmd/ksh93/sh/name.c.orig 2017-03-24 17:29:11.550619687 -0300
+++ ksh-20120801/src/cmd/ksh93/sh/name.c 2017-03-24 17:29:55.991547952 -0300
@@ -1425,7 +1425,7 @@ Namval_t *nv_open(const char *name, Dt_t
 {
 if(xp->root!=root)
 continue;
- if(*name==*xp->name && xp->namespace==shp->namespace && (flags&(NV_ARRAY|NV_NOSCOPE))==xp->flags && memcmp(xp->name,name,xp->len)==0 && (name[xp->len]==0 || name[xp->len]=='=' || name[xp->len]=='+'))
+ if(*name==*xp->name && xp->namespace==shp->namespace && (flags&(NV_ARRAY|NV_NOSCOPE))==xp->flags && strlen(name)>=xp->len && memcmp(xp->name,name,xp->len)==0 && (name[xp->len]==0 || name[xp->len]=='=' || name[xp->len]=='+'))
 {
 sh_stats(STAT_NVHITS);
 np = xp->np;
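Review bot: `strlen(name)>=xp->len` on the nv_open line at `@@ -1425` is evaluated afresh for every cache entry the surrounding loop visits, although `name` does not change inside it; the loop header is outside this hunk, so either hoist the length into a local computed once before the loop, or drop the guard by writing `strncmp(xp->name,name,xp->len)==0` as the other hunks in this patch do, which leaves `name[xp->len]` readable provided `xp->len` is the length of `xp->name` (presumably so, but that is defined outside the hunk). This is the only hunk in the patch that keeps memcmp, and the description does not say why; a one-line comment such as `/* length guard keeps memcmp within name; xp->name is already bounded by xp->len */` would record the reasoning if it is intentional.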