Bug 616853 – ksh crashes

Bug 616853 - ksh crashes

Summary:	ksh crashes

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	ksh (Show other bugs)
Sub Component:
Version:	5.5
Hardware:	All Linux

Priority	urgent Severity high
Target Milestone:	rc
Target Release:	---
Assigned To:	Michal Hlavinka
QA Contact:	qe-baseos-tools
Docs Contact:

URL:
Whiteboard:
Keywords:	Regression, ZStream

Depends On:
Blocks:	637052 675135
	Show dependency tree / graph

Reported:	2010-07-21 10:34 EDT by ritz
Modified:	2012-08-27 21:40 EDT (History)
CC List:	5 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Assigning a value to an array variable during the execution of the "typeset" command could cause ksh to terminate unexpectedly with a segmentation fault. This update corrects the array handling in this command and ksh no longer crashes.
Story Points:	---
Clone Of:
Clones:	637052 (view as bug list)
Environment:
Last Closed:	2012-02-21 00:50:01 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
first reproducer (2.70 KB, text/plain) 2010-08-30 05:18 EDT, Michal Hlavinka	no flags	Details
new reproducer (1.01 KB, text/plain) 2010-09-06 06:04 EDT, Michal Hlavinka	no flags	Details
patch to fix this (818 bytes, patch) 2010-09-08 12:47 EDT, Michal Hlavinka	no flags	Details \| Diff
Show Obsolete (1) Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description ritz 2010-07-21 10:34:44 EDT

Description of problem:
ksh crashes

Version-Release number of selected component (if applicable):
ksh-20100202-1.el5 

How reproducible:
always

Steps to Reproduce:
n/a
  
Actual results:
crash

Expected results:
should not crash

Additional info:
When using ksh-20060214-1.7 the scripts worked OK, but after upgrading to ksh-20100202-1.el5 the scripts started to segfault. This happens in a vm and a physical one.

Customer cannot provide the reproducer.

Comment 7 Michal Hlavinka 2010-08-30 05:18:16 EDT

Created attachment 441918 [details]
first reproducer

I have first reproducer. It reproduces fine against 2010-02-02, but does not reproduce against 2010-06-21, so a)reproducer is not trying hard enough b)there are two bugs. I believe this is situation a).

Bug is partially position (in memory) dependant, because some fillers like function fun0001 { return 0; } are needed, despite they are never called. Without them it does not reproduce this problem. (Some of them can be removed from this version of reproducer, but not majority of them.)

I'll try to prepare better reproducer now

Comment 10 Michal Hlavinka 2010-09-06 06:04:40 EDT

Created attachment 443266 [details]
new reproducer

new reproducer, crashes also with ksh 2010-06-21

Comment 12 Michal Hlavinka 2010-09-08 12:47:15 EDT

Created attachment 446041 [details]
patch to fix this

Comment 29 Martin Prpič 2011-03-16 11:56:40 EDT

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Assigning a value to an array variable during the execution of the "typeset" command could cause ksh to terminate unexpectedly with a segmentation fault. This update corrects the array handling in this command and ksh no longer crashes.

Comment 32 errata-xmlrpc 2012-02-21 00:50:01 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0159.html

Note You need to log in before you can comment on or make changes to this bug.