Bug 494363
| Summary: | Segfault with inacessible $HISTFILE | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Tomas Smetana <tsmetana> | ||||||
| Component: | ksh | Assignee: | Michal Hlavinka <mhlavink> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | BaseOS QE <qe-baseos-auto> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | medium | ||||||||
| Version: | 5.2 | CC: | cward, kvolny, rvokal, tao | ||||||
| Target Milestone: | rc | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: |
If the $HISTFILE did not exist and could not be created for some reason (for example, read-only NFS home) ksh sometimes crashed with a segmentation fault when trying to insert the last word of the previous command using the M-_ or M-. keyboard shortcut. Now, ksh returns NULL under these conditions, and avoids the segmentation fault when $HISTFILE is inaccessible.
|
Story Points: | --- | ||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2009-09-02 09:11:27 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Created attachment 338343 [details]
Proposed patch
I think it's OK to return NULL when we're searching the non-existing history and handle the situation in both the editing modes by doing nothing.
The patch should prevent the segfaulting but in case the history file doesn't exist M-_ still prints some random string. It seems the two issues are unrelated. I will try to look into it again to be sure. Created attachment 338893 [details] Better patch with beeping Based on the response from upstream about the patch in comment #1 I added beeping when there is no history file and also an attempt to fix the garbage output in case of empty history file. I'm not obsoleting the previous patch because the changes regarding the bug in this patch are merely cosmetical and the changes made to to hist_copy() function were not reviewed by anyone yet. Release note added. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: If the $HISTFILE did not exist and could not be created for some reason (for example, read-only NFS home) ksh sometimes crashed with a segmentation fault when trying to insert the last word of the previous command using the M-_ or M-. keyboard shortcut. Now, ksh returns NULL under these conditions, and avoids the segmentation fault when $HISTFILE is inaccessible. ~~ Attention - RHEL 5.4 Beta Released! ~~ RHEL 5.4 Beta has been released! There should be a fix present in the Beta release that addresses this particular request. Please test and report back results here, at your earliest convenience. RHEL 5.4 General Availability release is just around the corner! If you encounter any issues while testing Beta, please describe the issues you have encountered and set the bug into NEED_INFO. If you encounter new issues, please clone this bug to open a new issue and request it be reviewed for inclusion in RHEL 5.4 or a later update, if it is not of urgent severity. Please do not flip the bug status to VERIFIED. Only post your verification results, and if available, update Verified field with the appropriate value. Questions can be posted to this bug or your customer or partner representative. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-1256.html |
Description of problem: If the $HISTFILE doesn't exist and can't be created for some reason (e.g., read-only NFS home) ksh may crash with segmentation fault when trying to insert the last word of the previous command using the M-_ or M-. keyboard shortcut. When the history file is accessible but empty, a garbage string is printed. Version-Release number of selected component (if applicable): ksh-20080202-2 but the crashing code is present in the latest upstream as well. How reproducible: Always Steps to Reproduce: 1. create a NFS export with root_squash option on a server accessible to users, e.g. write something like this to the /etc/exports file: /tmp *(rw,root_squash) 2. service nfs start 3. mount the export on an RHEL-5 client machine e.g. to /mnt/foo mount point. 4. as an ordinary user run mkdir /mnt/foo/bar echo "set -o emacs" > /mnt/foo/bar/.kshrc 5. become root (su -) and start ksh with $HOME pointing to the /mnt/foo/bar directory: HOME=/mnt/foo/bar ksh 6. in the command line try to insert the last word from history by pressing 'ESC' and '.' Actual results: # Segmentation fault Expected results: No segfault. Additional info: This could be reproduced also with vi editing mode. There exists another symptom of the same bug: remove the ~/.sh_history file (or wherever you have the HISTFILE located), start ksh and try again the M-. or M-_ combination -- some random garbage would be printed out. The segfault is caused by this code in ksh-20080202/src/cmd/ksh93/edit/history.c: 1067 char *hist_word(char *string,int size,int word) 1068 { 1069 register int c; 1070 register char *s1 = string; 1071 register unsigned char *cp = (unsigned char*)s1; 1072 register int flag = 0; 1073 History_t *hp = hist_ptr; 1074 if(!hp) 1075 #if KSHELL 1076 { 1077 strncpy(string,((Shell_t*)hp->histshell)->lastarg,size); 1078 return(string); 1079 } 1080 #else 1081 return(NIL(char*)); 1082 #endif /* KSHELL */ It's clear that there is a NULL pointer dereference at the line 1077 and this is the place where ksh receives the SIGSEGV.