1 BASH PATCH REPORT |
|
2 ================= |
|
3 |
|
4 Bash-Release: 4.2 |
|
5 Patch-ID: bash42-043 |
|
6 |
|
7 Bug-Reported-by: konsolebox <[email protected]> |
|
8 Bug-Reference-ID: <CAJnmqwZuGKLgMsMwxRK4LL+2NN+HgvmKzrnode99QBGrcgX1Lw@mail.gmail.com> |
|
9 Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2013-01/msg00138.html |
|
10 |
|
11 Bug-Description: |
|
12 |
|
13 When SIGCHLD is trapped, and a SIGCHLD trap handler runs when a pending |
|
14 `read -t' invocation times out and generates SIGALRM, bash can crash with |
|
15 a segmentation fault. |
|
16 |
|
17 Patch (apply with `patch -p0'): |
|
18 |
|
19 *** ../bash-4.2-patched/builtins/read.def 2012-10-31 21:22:51.000517000 -0400 |
|
20 --- builtins/read.def 2013-01-25 10:28:16.000038000 -0500 |
|
21 *************** |
|
22 *** 386,393 **** |
|
23 /* Tricky. The top of the unwind-protect stack is the free of |
|
24 input_string. We want to run all the rest and use input_string, |
|
25 ! so we have to remove it from the stack. */ |
|
26 ! remove_unwind_protect (); |
|
27 ! run_unwind_frame ("read_builtin"); |
|
28 input_string[i] = '\0'; /* make sure it's terminated */ |
|
29 retval = 128+SIGALRM; |
|
30 goto assign_vars; |
|
31 --- 386,403 ---- |
|
32 /* Tricky. The top of the unwind-protect stack is the free of |
|
33 input_string. We want to run all the rest and use input_string, |
|
34 ! so we have to save input_string temporarily, run the unwind- |
|
35 ! protects, then restore input_string so we can use it later. */ |
|
36 ! |
|
37 input_string[i] = '\0'; /* make sure it's terminated */ |
|
38 + if (i == 0) |
|
39 + { |
|
40 + t = (char *)xmalloc (1); |
|
41 + t[0] = 0; |
|
42 + } |
|
43 + else |
|
44 + t = savestring (input_string); |
|
45 + |
|
46 + run_unwind_frame ("read_builtin"); |
|
47 + input_string = t; |
|
48 retval = 128+SIGALRM; |
|
49 goto assign_vars; |
|
50 |
|
51 *** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010 |
|
52 --- patchlevel.h Thu Feb 24 21:41:34 2011 |
|
53 *************** |
|
54 *** 26,30 **** |
|
55 looks for to find the patch level (for the sccs version string). */ |
|
56 |
|
57 ! #define PATCHLEVEL 42 |
|
58 |
|
59 #endif /* _PATCHLEVEL_H_ */ |
|
60 --- 26,30 ---- |
|
61 looks for to find the patch level (for the sccs version string). */ |
|
62 |
|
63 ! #define PATCHLEVEL 43 |
|
64 |
|
65 #endif /* _PATCHLEVEL_H_ */ |
|