Bug 624450

Summary: null pointer dereference crashes tcsh
Product: Red Hat Enterprise Linux 5 Reporter: Bryan Mason <bmason>
Component: tcshAssignee: Jaromír Končický <jkoncick>
Status: CLOSED CURRENTRELEASE QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 5.5CC: jwest, ovasik, rvokal, syeghiay, tao
Target Milestone: rcKeywords: Patch, ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Under certain circumstances, a null pointer may have been incorrectly dereferenced, causing the tcsh shell to terminate unexpectedly. With this update, the pointer is now checked properly and tcsh no longer crashes.
Story Points: ---
Clone Of: 607368
: 689382 700309 (view as bug list) Environment:
Last Closed: 2013-09-23 11:14:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 631815, 689382    
Attachments:
Description Flags
Proposed patch none

Description Bryan Mason 2010-08-16 14:14:41 UTC
+++ This bug was initially created as a clone of Bug #607368 +++

Description of problem:

    The potential exists for a null pointer dereference in pchild()
    sh.proc.c:

    417         if (jobflags & PFOREGND) {
    418             if (!(jobflags & (PSIGNALED | PSTOPPED | PPTIME) ||
    419 #ifdef notdef
    420                 jobflags & PAEXITED ||
    421 #endif /* notdef */
    422                 !eq(dcwd->di_name, fp->p_cwd->di_name))) {

Version-Release number of selected component (if applicable):

    tcsh-6.14-14.el5

Additional info:

    This was fixed upstream in tcsh-6.15.00:

        http://mx.gw.com/pipermail/tcsh/2007-September/003866.html

    Reference item #9:

        9. Avoid null pointer dereference in proc cwd (Kurt Miller)

Comment 2 Bryan Mason 2010-08-16 18:08:56 UTC
Created attachment 439002 [details]
Proposed patch

Created by tumeya

Comment 6 Jaromir Hradilek 2010-09-13 11:17:03 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Under certain circumstances, a null pointer may have been incorrectly dereferenced, causing the tcsh shell to terminate unexpectedly. With this update, the pointer is now checked properly and tcsh no longer crashes.