NetBSD Problem Report #42646
From www@NetBSD.org Wed Jan 20 00:36:39 2010
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id 1A29463C2BC
for <gnats-bugs@gnats.NetBSD.org>; Wed, 20 Jan 2010 00:36:39 +0000 (UTC)
Message-Id: <20100120003638.AEC3D63C2A9@www.NetBSD.org>
Date: Wed, 20 Jan 2010 00:36:38 +0000 (UTC)
From: joachim.kuebart@gmail.com
Reply-To: joachim.kuebart@gmail.com
To: gnats-bugs@NetBSD.org
Subject: Shell crashes in libedit when window size changes (SIGWINCH)
X-Send-Pr-Version: www-1.0
>Number: 42646
>Category: lib
>Synopsis: Shell crashes in libedit when window size changes (SIGWINCH)
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: lib-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Jan 20 00:40:00 +0000 2010
>Closed-Date: Wed Jan 20 09:05:38 +0000 2010
>Last-Modified: Wed Jan 20 09:05:38 +0000 2010
>Originator: Joachim Kuebart
>Release: NetBSD-current
>Organization:
>Environment:
NetBSD yacht 5.99.23 NetBSD 5.99.23 (YACHT) #1: Mon Jan 18 07:35:40 GMT 2010 joki@yacht:/usr/obj/amd64.new/usr/src/sys/arch/amd64/compile/YACHT amd64
>Description:
When /bin/sh is sent a signal that interrupts the current read() system call with errno=EINTR, it does a memcpy() with length -1 and receives a SIGSEGV.
>How-To-Repeat:
Send a SIGWINCH signal to a /bin/sh instance, either using
kill -winch $$
or by changing the window size of an X terminal.
The shell is terminated by SIGSEGV.
>Fix:
This happens because libedit's el_gets() does not honour its contract of returning NULL in case of an error (like an interrupted system call EINTR). The following patch modifies el_gets() to return NULL when the underlying el_wgets() returned NULL. It uses the fact that ct_encode_string() returns NULL when it is passed a NULL argument.
Index: eln.c
===================================================================
RCS file: /pub/NetBSD-CVS/src/lib/libedit/eln.c,v
retrieving revision 1.4
diff -p -U8 -r1.4 eln.c
--- eln.c 12 Jan 2010 19:40:50 -0000 1.4
+++ eln.c 20 Jan 2010 00:29:22 -0000
@@ -67,20 +67,22 @@ el_push(EditLine *el, const char *str)
* character sets too, and Does The Right Thing. */
el_wpush(el, ct_decode_string(str, &el->el_lgcyconv));
}
public const char *
el_gets(EditLine *el, int *nread)
{
+ const wchar_t *tmp;
+
el->el_flags |= IGNORE_EXTCHARS;
- el_wgets(el, nread);
+ tmp = el_wgets(el, nread);
el->el_flags &= ~IGNORE_EXTCHARS;
- return ct_encode_string(el->el_line.buffer, &el->el_lgcyconv);
+ return ct_encode_string(tmp, &el->el_lgcyconv);
}
public int
el_parse(EditLine *el, int argc, const char *argv[])
{
int ret;
const wchar_t **wargv;
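Review bot: in el_gets(), the new `return ct_encode_string(tmp, &el->el_lgcyconv);` yields NULL on error only because ct_encode_string() passes a NULL argument through as NULL. That dependency is stated in the report but nowhere in the code, so a later change to the helper would silently bring the crash back. An explicit `if (tmp == NULL) return NULL;` directly after `el->el_flags &= ~IGNORE_EXTCHARS;` would keep the error path local to this function; at minimum, add a comment naming the reliance. It is also worth documenting what *nread holds on that path: the report describes the caller ending up with a memcpy() length of -1, so callers have to test the returned pointer before using the count.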
>Release-Note:
>Audit-Trail:
From: Christos Zoulas <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/42646 CVS commit: src/lib/libedit
Date: Tue, 19 Jan 2010 20:15:52 -0500
Module Name: src
Committed By: christos
Date: Wed Jan 20 01:15:52 UTC 2010
Modified Files:
src/lib/libedit: eln.c
Log Message:
PR/42646: Joachim Kuebart: Shell crashes in libedit when window size changes
(SIGWINCH). Return NULL if el_gets() gets interrupted.
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/lib/libedit/eln.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: wiz@NetBSD.org
State-Changed-When: Wed, 20 Jan 2010 09:05:38 +0000
State-Changed-Why:
christos committed the patch.
>Unformatted: