nv_clone(): don't call num_clone() for array nodes
num_clone handles simple numeric values of all types but not array nodes. Calling it for an array node caused the arith.sh regression test below to crash in num_clone() with a buffer overflow when ksh is compiled with AddressSanitizer. The array has the NV_INTEGER attribute because it is an array of numeric values, but that doesn't mean the array node itself holds a number. After this, all the arith.sh tests pass with AddressSanitizer. The failing test in arith.c was this one, introduced in d50d3d7c: got=$( typeset -r -A -i ro_arr=([a]=10 [b]=20 [c]=30) set +x for ((i=0; i<loopcount; i++)); do ( ((ro_arr[i+1] += 5)) ) done 2>&1 ) [[ $got == *recursion* ]] && err_exit "recursion level not reset on readonly error (subshell)"
parent
7a01d6df47
commit
6728720f8f
|
|
@ -961,7 +961,7 @@ int nv_clone(Namval_t *np, Namval_t *mp, int flags)
|
|||
}
|
||||
else if((flags&NV_ARRAY) && !nv_isattr(np,NV_MINIMAL))
|
||||
mp->nvenv = np->nvenv;
|
||||
if(nv_isattr(np,NV_INTEGER) && mp->nvalue.ip!=np->nvalue.ip && np->nvalue.cp!=Empty)
|
||||
if(nv_isattr(np,NV_INTEGER) && !nv_isarray(np) && mp->nvalue.ip!=np->nvalue.ip && np->nvalue.cp!=Empty)
|
||||
{
|
||||
mp->nvalue.ip = (int*)num_clone(np,(void*)np->nvalue.ip);
|
||||
nv_offattr(mp,NV_NOFREE);
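Review bot: The new `!nv_isarray(np)` term in the `NV_INTEGER` condition has no comment saying why array nodes are skipped, and the reason cannot be read off the code. Per the commit message, `NV_INTEGER` on an array node describes its elements, so the node's `nvalue` is not a number that num_clone() can size, and the call overran a buffer under AddressSanitizer. I would add above the `if`: `/* NV_INTEGER on an array node describes its elements, not the node itself; num_clone() must not be called on it */`. num_clone() is not visible here, so it may be worth checking whether its other callers rely on the same assumption, or having it reject array nodes itself, so the out-of-bounds access cannot return through another path. The body of this `if` and the rest of nv_clone() continue outside the hunk.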
|
||||
|
|
|
|||