Bug 616853 - ksh crashes
Summary: ksh crashes
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: ksh
Version: 5.5
Hardware: All
OS: Linux
urgent
high
Target Milestone: rc
: ---
Assignee: Michal Hlavinka
QA Contact: qe-baseos-tools-bugs
URL:
Whiteboard:
Depends On:
Blocks: 637052 675135
TreeView+ depends on / blocked
 
Reported: 2010-07-21 14:34 UTC by ritz
Modified: 2018-11-28 19:18 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Assigning a value to an array variable during the execution of the "typeset" command could cause ksh to terminate unexpectedly with a segmentation fault. This update corrects the array handling in this command and ksh no longer crashes.
Clone Of:
: 637052 (view as bug list)
Environment:
Last Closed: 2012-02-21 05:50:01 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
first reproducer (2.70 KB, text/plain)
2010-08-30 09:18 UTC, Michal Hlavinka
no flags Details
new reproducer (1.01 KB, text/plain)
2010-09-06 10:04 UTC, Michal Hlavinka
no flags Details
patch to fix this (818 bytes, patch)
2010-09-08 16:47 UTC, Michal Hlavinka
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:0159 0 normal SHIPPED_LIVE ksh bug fix and enhancement update 2012-02-20 14:53:47 UTC

Description ritz 2010-07-21 14:34:44 UTC
Description of problem:
ksh crashes

Version-Release number of selected component (if applicable):
ksh-20100202-1.el5 

How reproducible:
always

Steps to Reproduce:
n/a
  
Actual results:
crash

Expected results:
should not crash

Additional info:
When using ksh-20060214-1.7 the scripts worked OK, but after upgrading to ksh-20100202-1.el5 the scripts started to segfault. This happens in a vm and a physical one.

Customer cannot provide the reproducer.

Comment 7 Michal Hlavinka 2010-08-30 09:18:16 UTC
Created attachment 441918 [details]
first reproducer

I have first reproducer. It reproduces fine against 2010-02-02, but does not reproduce against 2010-06-21, so a)reproducer is not trying hard enough b)there are two bugs. I believe this is situation a).

Bug is partially position (in memory) dependant, because some fillers like function fun0001 { return 0; } are needed, despite they are never called. Without them it does not reproduce this problem. (Some of them can be removed from this version of reproducer, but not majority of them.)

I'll try to prepare better reproducer now

Comment 10 Michal Hlavinka 2010-09-06 10:04:40 UTC
Created attachment 443266 [details]
new reproducer

new reproducer, crashes also with ksh 2010-06-21

Comment 12 Michal Hlavinka 2010-09-08 16:47:15 UTC
Created attachment 446041 [details]
patch to fix this

Comment 29 Martin Prpič 2011-03-16 15:56:40 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Assigning a value to an array variable during the execution of the "typeset" command could cause ksh to terminate unexpectedly with a segmentation fault. This update corrects the array handling in this command and ksh no longer crashes.

Comment 32 errata-xmlrpc 2012-02-21 05:50:01 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0159.html


Note You need to log in before you can comment on or make changes to this bug.