Bug 616853 - ksh crashes
ksh crashes
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: ksh (Show other bugs)
5.5
All Linux
urgent Severity high
: rc
: ---
Assigned To: Michal Hlavinka
qe-baseos-tools
: Regression, ZStream
Depends On:
Blocks: 637052 675135
  Show dependency treegraph
 
Reported: 2010-07-21 10:34 EDT by ritz
Modified: 2012-08-27 21:40 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Assigning a value to an array variable during the execution of the "typeset" command could cause ksh to terminate unexpectedly with a segmentation fault. This update corrects the array handling in this command and ksh no longer crashes.
Story Points: ---
Clone Of:
: 637052 (view as bug list)
Environment:
Last Closed: 2012-02-21 00:50:01 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
first reproducer (2.70 KB, text/plain)
2010-08-30 05:18 EDT, Michal Hlavinka
no flags Details
new reproducer (1.01 KB, text/plain)
2010-09-06 06:04 EDT, Michal Hlavinka
no flags Details
patch to fix this (818 bytes, patch)
2010-09-08 12:47 EDT, Michal Hlavinka
no flags Details | Diff

  None (edit)
Description ritz 2010-07-21 10:34:44 EDT
Description of problem:
ksh crashes

Version-Release number of selected component (if applicable):
ksh-20100202-1.el5 

How reproducible:
always

Steps to Reproduce:
n/a
  
Actual results:
crash

Expected results:
should not crash

Additional info:
When using ksh-20060214-1.7 the scripts worked OK, but after upgrading to ksh-20100202-1.el5 the scripts started to segfault. This happens in a vm and a physical one.

Customer cannot provide the reproducer.
Comment 7 Michal Hlavinka 2010-08-30 05:18:16 EDT
Created attachment 441918 [details]
first reproducer

I have first reproducer. It reproduces fine against 2010-02-02, but does not reproduce against 2010-06-21, so a)reproducer is not trying hard enough b)there are two bugs. I believe this is situation a).

Bug is partially position (in memory) dependant, because some fillers like function fun0001 { return 0; } are needed, despite they are never called. Without them it does not reproduce this problem. (Some of them can be removed from this version of reproducer, but not majority of them.)

I'll try to prepare better reproducer now
Comment 10 Michal Hlavinka 2010-09-06 06:04:40 EDT
Created attachment 443266 [details]
new reproducer

new reproducer, crashes also with ksh 2010-06-21
Comment 12 Michal Hlavinka 2010-09-08 12:47:15 EDT
Created attachment 446041 [details]
patch to fix this
Comment 29 Martin Prpič 2011-03-16 11:56:40 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Assigning a value to an array variable during the execution of the "typeset" command could cause ksh to terminate unexpectedly with a segmentation fault. This update corrects the array handling in this command and ksh no longer crashes.
Comment 32 errata-xmlrpc 2012-02-21 00:50:01 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0159.html

Note You need to log in before you can comment on or make changes to this bug.