+++ This bug was initially created as a clone of Bug #607368 +++ Description of problem: The potential exists for a null pointer dereference in pchild() sh.proc.c: 417 if (jobflags & PFOREGND) { 418 if (!(jobflags & (PSIGNALED | PSTOPPED | PPTIME) || 419 #ifdef notdef 420 jobflags & PAEXITED || 421 #endif /* notdef */ 422 !eq(dcwd->di_name, fp->p_cwd->di_name))) { Version-Release number of selected component (if applicable): tcsh-6.14-14.el5 Additional info: This was fixed upstream in tcsh-6.15.00: http://mx.gw.com/pipermail/tcsh/2007-September/003866.html Reference item #9: 9. Avoid null pointer dereference in proc cwd (Kurt Miller)
Created attachment 439002 [details] Proposed patch Created by tumeya
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Under certain circumstances, a null pointer may have been incorrectly dereferenced, causing the tcsh shell to terminate unexpectedly. With this update, the pointer is now checked properly and tcsh no longer crashes.