fix lexical parser crash (#960371)

Michal Hlavinka 2014-02-06 14:14:35 +01:00
parent a2f502032f
commit 1e4207d538
2 changed files with 64 additions and 1 deletions

56
ksh-20120801-lexfix.patch Normal file

@ -0,0 +1,56 @@
diff -up ksh-20120801/src/cmd/ksh93/edit/edit.c.trajfiks ksh-20120801/src/cmd/ksh93/edit/edit.c
--- ksh-20120801/src/cmd/ksh93/edit/edit.c.trajfiks 2012-08-02 00:18:19.000000000 +0200
+++ ksh-20120801/src/cmd/ksh93/edit/edit.c 2014-02-06 12:12:11.570942651 +0100
@@ -53,6 +53,7 @@
static char CURSOR_UP[20] = { ESC, '[', 'A', 0 };
static char KILL_LINE[20] = { ESC, '[', 'J', 0 };
+static char *savelex;
@@ -232,6 +233,8 @@ int tty_set(int fd, int action, struct t
void tty_cooked(register int fd)
{
register Edit_t *ep = (Edit_t*)(shgd->ed_context);
+ if(ep->sh->st.trap[SH_KEYTRAP] && savelex)
+ memcpy(ep->sh->lex_context,savelex,ep->sh->lexsize);
ep->e_keytrap = 0;
if(ep->e_raw==0)
return;
@@ -783,6 +786,13 @@ void ed_setup(register Edit_t *ep, int f
ep->e_lbuf[n] = *pp++;
ep->e_default = 0;
}
+ if(ep->sh->st.trap[SH_KEYTRAP])
+ {
+ if(!savelex)
+ savelex = (char*)malloc(shp->lexsize);
+ if(savelex)
+ memcpy(savelex, ep->sh->lex_context, ep->sh->lexsize);
+ }
}
static void ed_putstring(register Edit_t *ep, const char *str)
diff -up ksh-20120801/src/cmd/ksh93/include/defs.h.trajfiks ksh-20120801/src/cmd/ksh93/include/defs.h
--- ksh-20120801/src/cmd/ksh93/include/defs.h.trajfiks 2014-02-06 12:18:13.149091836 +0100
+++ ksh-20120801/src/cmd/ksh93/include/defs.h 2014-02-06 12:18:13.175091784 +0100
@@ -224,6 +224,7 @@ struct shared
int xargexit; \
int nenv; \
mode_t mask; \
+ int lexsize; \
Env_t *env; \
void *init_context; \
void *mac_context; \
diff -up ksh-20120801/src/cmd/ksh93/sh/lex.c.trajfiks ksh-20120801/src/cmd/ksh93/sh/lex.c
--- ksh-20120801/src/cmd/ksh93/sh/lex.c.trajfiks 2014-02-06 12:19:13.587950320 +0100
+++ ksh-20120801/src/cmd/ksh93/sh/lex.c 2014-02-06 12:19:13.623950219 +0100
@@ -268,6 +268,7 @@ Lex_t *sh_lexopen(Lex_t *lp, Shell_t *sp
{
lp = (Lex_t*)newof(0,Lex_t,1,0);
lp->sh = sp;
+ sp->lexsize = sizeof(Lex_t);
}
fcnotify(lex_advance,lp);
lp->lex.intest = lp->lex.incase = lp->lex.skipword = lp->lexd.warn = 0;
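Review bot: In the ed_setup hunk of edit.c the snapshot buffer is sized with `shp->lexsize` but written, and later read back in tty_cooked, with `ep->sh->lexsize`; because `savelex` is a file-level static that is allocated once and never resized, any difference between the two values would make the `memcpy` run past the allocation. Using one size expression for both, `savelex = (char*)malloc(ep->sh->lexsize);`, and remembering the allocated length next to `savelex` would keep the copies bounded. In lex.c `sp->lexsize` is set only inside the block that allocates a new `Lex_t` (its condition is outside the hunk), so a caller-supplied `lp` appears to leave it at zero and the save/restore would silently do nothing. The snapshot is a raw byte copy of the lexer state, so a comment above `savelex` such as `/* shallow copy of Lex_t taken in ed_setup; pointers inside it must still be valid when tty_cooked restores it */` would record the lifetime assumption. ed_setup, tty_cooked and sh_lexopen all start or end outside the visible hunks.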


@ -6,7 +6,7 @@ URL: http://www.kornshell.com/
Group: System Environment/Shells Group: System Environment/Shells
License: EPL License: EPL
Version: 20120801 Version: 20120801
Release: 14%{?dist} Release: 15%{?dist}
Source0: http://www.research.att.com/~gsf/download/tgz/ast-ksh.%{releasedate}.tgz Source0: http://www.research.att.com/~gsf/download/tgz/ast-ksh.%{releasedate}.tgz
Source1: http://www.research.att.com/~gsf/download/tgz/INIT.%{releasedate}.tgz Source1: http://www.research.att.com/~gsf/download/tgz/INIT.%{releasedate}.tgz
Source2: kshcomp.conf Source2: kshcomp.conf
@ -31,6 +31,9 @@ Patch10: ksh-20120801-mtty.patch
Patch11: ksh-20120801-argvfix.patch Patch11: ksh-20120801-argvfix.patch
Patch12: ksh-20130628-longer.patch Patch12: ksh-20130628-longer.patch
# for ksh <= 2013-04-09, rhbz#960371
Patch13: ksh-20120801-lexfix.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Conflicts: pdksh Conflicts: pdksh
Requires: coreutils, glibc-common, diffutils Requires: coreutils, glibc-common, diffutils
@ -61,6 +64,7 @@ with "sh" (the Bourne Shell).
%patch10 -p1 -b .mtty %patch10 -p1 -b .mtty
%patch11 -p1 -b .argvfix %patch11 -p1 -b .argvfix
%patch12 -p1 -b .longer %patch12 -p1 -b .longer
%patch13 -p1 -b .lexfix
#/dev/fd test does not work because of mock #/dev/fd test does not work because of mock
sed -i 's|ls /dev/fd|ls /proc/self/fd|' src/cmd/ksh93/features/options sed -i 's|ls /dev/fd|ls /proc/self/fd|' src/cmd/ksh93/features/options
@ -155,6 +159,9 @@ fi
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
%changelog %changelog
* Thu Feb 06 2014 Michal Hlavinka <mhlavink@redhat.com> - 20120801-15
- fix lexical parser crash (#960371)
* Fri Jan 17 2014 Michal Hlavinka <mhlavink@redhat.com> - 20120801-14 * Fri Jan 17 2014 Michal Hlavinka <mhlavink@redhat.com> - 20120801-14
- fix overflow in subshell loop - fix overflow in subshell loop