Bug 2123066
| Summary: | ksh segfault when PWD is unset. | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Paulo Andrade <pandrade> | 
| Component: | ksh | Assignee: | Vincent Mihalkovič <vmihalko> | 
| Status: | CLOSED ERRATA | QA Contact: | Karel Volný <kvolny> | 
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 9.0 | CC: | lzaoral | 
| Target Milestone: | rc | Keywords: | Patch, Triaged | 
| Target Release: | --- | Flags: | pm-rhel: mirror+ |
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | ksh-1.0.0~beta.1-3.el9 | Doc Type: | If docs needed, set a value | 
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-11-07 08:37:11 UTC | Type: | Bug | 

This is a request to backport the following upstream commit: https://github.com/ksh93/ksh/commit/11177d448dadc7f8300e1db60c4ea5bdd61f13e0

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ksh bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:6561

Minimal reproducer:

```
$ unset PWD
$ $(cd)
```

The crash is simple. Testing in Fedora with the same ksh version:

```
Program received signal SIGSEGV, Segmentation fault.
0x00005555555d2227 in test_stat (name=0x0, buff=buff@entry=0x7fffffffb890) at /usr/src/debug/ksh-1.0.0~beta.1-1.fc35.x86_64/src/cmd/ksh93/bltins/test.c:716
716         if(*name==0)
711     /*
712      * do an fstat() for /dev/fd/n, otherwise stat()
713      */
714     static int test_stat(const char *name,struct stat *buff)
715     {
716         if(*name==0)
717         {
718             errno = ENOENT;
719             return(-1);
720         }
```

A blind patch would be the pseudo patch:

```
- if(*name==0)
+ if(name && *name==0)
```

but this likely would cause problems elsewhere.

```
(gdb) p pwdnod
$1 = (Namval_t *) 0x5555556ce220
(gdb) p pwdnod.nvalue
$2 = {cp = 0x0, ip = 0x0, c = 0 '\000', i = 0, u = 0, lp = 0x0, pidp = 0x0, llp = 0x0, s = 0, sp = 0x0, dp = 0x0, ldp = 0x0, array = 0x0, np = 0x0, up = 0x0, rp = 0x0, funp = 0x0, nrp = 0x0, bfp = 0x0}
```

This should only happen when PWD is not set, and in the code:

```c
	/*
	 * If sh_subshell() in subshell.c cannot use fchdir(2) to restore the PWD using a saved file descriptor,
	 * we must fork any virtual subshell now to avoid the possibility of ending up in the wrong PWD on exit.
	 */
	if(shp->subshell && !shp->subshare)
	{
#if _lib_fchdir
		if(!test_inode(nv_getval(pwdnod),e_dot))
#endif
			sh_subfork();
	}
	/*
```

in src/cmd/ksh93/bltins/cd_pwd.c

The PWD environment variable is set again when the 'cd' command finishes, as noted in:

```
$ cd --man
...
  When cd is successful, the PWD environment variable will be set to the name
  of an absolute pathname that does not contain any .. components corresponding
  to the new directory. The environment variable OLDPWD will be set to the
  previous value of PWD. If the new directory is found by searching the
  directories named by CDPATH, or if directory is -, or if the two operand form
  is used, the new value of PWD will be written to standard output.
...
```

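
Review bot: In the pseudo patch (`- if(*name==0)` / `+ if(name && *name==0)`), the guard on the `+` line is false when `name` is NULL, so the ENOENT early return shown at lines 717-720 is skipped and execution falls through with `name` still NULL. For a NULL name to take the same branch as an empty one, the condition would need to be `if(!name || *name==0)`. Whether returning ENOENT is the right result for the `test_inode(nv_getval(pwdnod),e_dot)` caller still has to be decided separately.
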
A patch should require deciding what to do to remediate the issue; possibly setting again PWD to the current directory (if it is available).
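
A model of the remediation discussed above, added here as an illustration: an unset PWD is treated as unverifiable, and its value is recovered from the current directory when possible. This is not ksh source and not the upstream fix. `same_inode`, `usable_pwd` and `must_fork_for_cd` are hypothetical names, and a NULL pointer stands in for the unset PWD value seen in the gdb session.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if both paths name the same directory (same device and inode); 0 if they
 * differ, if either is NULL or empty, or if either cannot be stat()ed. */
static int same_inode(const char *a, const char *b)
{
	struct stat sa, sb;
	if (!a || !*a || !b || !*b)
		return 0;
	if (stat(a, &sa) < 0 || stat(b, &sb) < 0)
		return 0;
	return sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
}

/* Hypothetical remediation: return a usable value for PWD.
 * A stored value is kept only if it still names the current directory;
 * otherwise fall back to getcwd(), which yields NULL when the directory
 * is gone or unreadable. */
static const char *usable_pwd(const char *stored, char *buf, size_t len)
{
	if (same_inode(stored, "."))
		return stored;
	return getcwd(buf, len);
}

/* Modelled on the quoted cd_pwd.c comment: fork unless PWD is known good. */
static int must_fork_for_cd(const char *stored)
{
	return !same_inode(stored, ".");
}

int main(void)
{
	char buf[4096];
	const char *unset = NULL; /* constructed: the unset PWD value */
	const char *pwd = usable_pwd(unset, buf, sizeof buf);

	printf("fork needed with PWD unset: %d\n", must_fork_for_cd(unset));
	printf("recovered PWD: %s\n", pwd ? pwd : "(unavailable)");
	printf("fork needed after recovery: %d\n", must_fork_for_cd(pwd));
	return 0;
}
```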