Created attachment 1070038[details]
ksh-20120801-F_dupfd_cloexec.patch
I do not yet have a reproducer, but have a patch
that handles the final state, and user reports
the patch corrects this specific crash condition.
But I am afraid it is just hiding a descriptor
leak. In the crash coredump, it had:
(gdb) p shp->gd->lim.open_max
$1 = 64
(gdb) p fd
$2 = 122
Comment 20Siteshwar Vashisht
2017-06-18 18:30:33 UTC
I am able to reproduce a file descriptor leak with this code :
while true; do
foo=`pvs << EOF
$(pvs)
EOF`
done
however patch from comment 0 does not fix it, so it may be unrelated.
The patch in comment 0 just attempts to do "what was meant", and (mostly)
match latest ast code, that is to use F_DUPFD_CLOEXEC, detected by build
configure, that sets the value of F_dupfd_cloexec.
I believe the patch has the side effect of not "exporting" the leak in
ksh internal structures to forked shells, thus making it harder to have
cumulative leaks, that end in out of bounds writes.
Created attachment 1070038 [details] ksh-20120801-F_dupfd_cloexec.patch I do not yet have a reproducer, but have a patch that handles the final state, and user reports the patch corrects this specific crash condition. But I am afraid it is just hiding a descriptor leak. In the crash coredump, it had: (gdb) p shp->gd->lim.open_max $1 = 64 (gdb) p fd $2 = 122