Re: [PATCH] uninitialized variable access

2023-06-22 Thread Chet Ramey

On 6/17/23 2:55 AM, Grisha Levit wrote:

Some uninitialized variable access identified by clang's static analyzer.
(FWIW 90% of the reports were bogus but these seem legit)


Thanks for the report and wading through the false positives.

Chet

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    c...@case.edu    http://tiswww.cwru.edu/~chet/




Re: [PATCH] fix compgen -V leak

2023-06-22 Thread Chet Ramey

On 6/17/23 2:49 AM, Grisha Levit wrote:

My earlier patch for adding compgen -V did the variable assignment in a
pretty silly way and had a small memory leak to boot. Hope this new way
makes sense, sorry for the extra work.


Thanks for the update.

Chet





Re: [PATCH] null pointer deref in bindpwd

2023-06-22 Thread Chet Ramey

On 6/17/23 2:57 AM, Grisha Levit wrote:

Only triggered by doing something stupid:

bash -c 'declare -n OLDPWD=X[SHLVL=-1]; /; cd /'
bash: line 1: X[SHLVL=-1]: bad array subscript
Segmentation fault: 11


Thanks for the report.





uninitialized variable access in read_builtin

2023-06-22 Thread Grisha Levit
`read' can hit its timeout before it gets a chance to save the current
signal mask so sigprocmask can end up restoring an uninitialized
prevset. (Also all the sigprocmask calls other than the one in the jmp
target are protected by `#if defined (SIGCHLD)' so I guess this one
should be too)

Found by running the test suite on a build with clang's
MemorySanitizer enabled.  There were only two other reports, both from
quite recent additions, so I'll just mention them here:
* anonopen doesn't set *fn if memfd_create is used so uw_anonclose
frees an uninitialized pointer value later
* convert_validarray_flags_to_arrayval_flags doesn't initialize avflags

---
diff --git a/builtins/read.def b/builtins/read.def
index cb4e1e59..ecfb3d4a 100644
--- a/builtins/read.def
+++ b/builtins/read.def
@@ -428,6 +428,7 @@ read_builtin (WORD_LIST *list)
   sigemptyset (&chldset);
   sigprocmask (SIG_BLOCK, (sigset_t *)0, &chldset);
   sigaddset (&chldset, SIGCHLD);
+  sigprocmask (SIG_SETMASK, (sigset_t *)0, &prevset);
 #endif

   begin_unwind_frame ("read_builtin");
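Review bot: the added `sigprocmask (SIG_SETMASK, (sigset_t *)0, &prevset);` in this hunk queries the current mask a second time immediately after `sigprocmask (SIG_BLOCK, (sigset_t *)0, &chldset);`, which already fetched the same mask; if the aim is only to capture prevset before the timeout jump target exists, one call could fill prevset and chldset could be derived from it (`chldset = prevset;` before the `sigaddset`), saving the redundant syscall. The patch also does not show the later, too-late save of prevset mentioned in the description being removed; if it is still present it is now a harmless overwrite, but dropping it would make clear that this early save is the authoritative one.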
@@ -495,7 +496,9 @@ read_builtin (WORD_LIST *list)
   if (code)
{
  reset_timeout ();
+#if defined (SIGCHLD)
  sigprocmask (SIG_SETMASK, &prevset, (sigset_t *)0);
+#endif

  /* Tricky.  The top of the unwind-protect stack is the free of
 input_string.  We want to run all the rest and use input_string,
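Review bot: guarding the restore in the timeout path with `#if defined (SIGCHLD)` matches the other sigprocmask calls, but it only keeps a build without SIGCHLD warning-free if the declaration of prevset is guarded the same way, so that declaration is worth checking together with this hunk. A one-line comment above the new `#if` saying that prevset was saved at the top of read_builtin, before the jump target was installed, would help the next reader see why restoring it here is now safe.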


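The ordering problem described above, as an added example in C that is not bash's code: a hypothetical timed_read() saves the caller's signal mask before the siglongjmp target is installed, so the timeout path always restores an initialized mask. The names timed_read and mask_is_clean_after, and the use of raise(SIGALRM) to stand in for the read timeout firing, are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <string.h>

/* Hypothetical stand-in for the timeout path of bash's `read' builtin. */
static sigjmp_buf timeout_jmp;

/* savemask=0 in sigsetjmp below, so nothing restores the mask for us. */
static void timeout_handler (int sig) { (void) sig; siglongjmp (timeout_jmp, 1); }

/* Blocks SIGCHLD while "reading"; a timeout longjmps out of the work.
   Returns 0 on normal completion, 1 on timeout.  Either way the process
   signal mask is left exactly as it was on entry. */
int timed_read (int simulate_timeout)
{
  sigset_t prevset, chldset;
  struct sigaction sa, oldsa;

  /* Save the caller's mask BEFORE the jump target exists, so the timeout
     path can never restore an uninitialized prevset. */
  sigprocmask (SIG_SETMASK, NULL, &prevset);
  chldset = prevset;
  sigaddset (&chldset, SIGCHLD);
  memset (&sa, 0, sizeof sa);
  sa.sa_handler = timeout_handler;
  sigaction (SIGALRM, &sa, &oldsa);
  if (sigsetjmp (timeout_jmp, 0) != 0)
    {
      /* Timeout: SIGCHLD and SIGALRM are still blocked at this point. */
      sigprocmask (SIG_SETMASK, &prevset, NULL);
      sigaction (SIGALRM, &oldsa, NULL);
      return 1;
    }
  sigprocmask (SIG_BLOCK, &chldset, NULL);
  if (simulate_timeout)
    raise (SIGALRM);             /* stands in for the read timeout firing */
  sigprocmask (SIG_SETMASK, &prevset, NULL);
  sigaction (SIGALRM, &oldsa, NULL);
  return 0;
}

/* 1 if SIGCHLD and SIGALRM are both unblocked once timed_read returns. */
int mask_is_clean_after (int simulate_timeout)
{
  sigset_t now;
  timed_read (simulate_timeout);
  sigprocmask (SIG_SETMASK, NULL, &now);
  return !sigismember (&now, SIGCHLD) && !sigismember (&now, SIGALRM);
}
```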

temp env vs export

2023-06-22 Thread Grisha Levit
Using `export' / `readonly' on a variable that's present in both the temp
env and a calling function's local context combines the attributes of all
the intervening scopes in the global variable:

$ declare -A v; f() { local -a v; v= e; }; e() { export v; }
$ (f; declare -p v)
declare -aAx v=([0]="")
$ (f; v=)
Segmentation fault: 11


Re: uninitialized variable access in read_builtin

2023-06-22 Thread Chet Ramey

On 6/22/23 12:36 PM, Grisha Levit wrote:

`read' can hit its timeout before it gets a chance to save the current
signal mask so sigprocmask can end up restoring an uninitialized
prevset. (Also all the sigprocmask calls other than the one in the jmp
target are protected by `#if defined (SIGCHLD)' so I guess this one
should be too)

Found by running the test suite on a build with clang's
MemorySanitizer enabled.  There were only two other reports, both from
quite recent additions, so I'll just mention them here:
* anonopen doesn't set *fn if memfd_create is used so uw_anonclose
frees an uninitialized pointer value later
* convert_validarray_flags_to_arrayval_flags doesn't initialize avflags


Thanks. I appreciate you running the test suite.
