Bug 607368 - null pointer dereference crashes tcsh
Summary: null pointer dereference crashes tcsh
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: tcsh
Version: 4.8
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: rc
: ---
Assignee: Vojtech Vitek
QA Contact: BaseOS QE - Apps
URL:
Whiteboard:
Depends On:
Blocks: 614755
TreeView+ depends on / blocked
 
Reported: 2010-06-23 22:51 UTC by Bryan Mason
Modified: 2018-11-14 19:07 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Under certain circumstances, a null pointer may have been incorrectly dereferenced, causing the tcsh shell to terminate unexpectedly. With this update, the pointer is now checked properly and tcsh no longer crashes.
Clone Of:
: 624450 (view as bug list)
Environment:
Last Closed: 2012-06-14 20:54:19 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
Proposed Patch (519 bytes, patch)
2010-06-23 22:54 UTC, Bryan Mason
no flags Details | Diff

Description Bryan Mason 2010-06-23 22:51:39 UTC
Description of problem:

    The potential exists for a null pointer dereference in pchild()
    sh.proc.c:

    417         if (jobflags & PFOREGND) {
    418             if (!(jobflags & (PSIGNALED | PSTOPPED | PPTIME) ||
    419 #ifdef notdef
    420                 jobflags & PAEXITED ||
    421 #endif /* notdef */
    422                 !eq(dcwd->di_name, fp->p_cwd->di_name))) {

Version-Release number of selected component (if applicable):

    tcsh-6.13-10_el4

Additional info:

    This was fixed upstream in tcsh-6.15.00:

        http://mx.gw.com/pipermail/tcsh/2007-September/003866.html

    Reference item #9:

        9. Avoid null pointer dereference in proc cwd (Kurt Miller)

Comment 1 Bryan Mason 2010-06-23 22:54:06 UTC
Created attachment 426410 [details]
Proposed Patch

Patched adapted from upstream by Takuma Umeya (tumeya)

Comment 10 Jaromir Hradilek 2010-09-13 11:17:08 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Under certain circumstances, a null pointer may have been incorrectly dereferenced, causing the tcsh shell to terminate unexpectedly. With this update, the pointer is now checked properly and tcsh no longer crashes.


Note You need to log in before you can comment on or make changes to this bug.