Vijaikumar M
2013-07-17 07:13:36 UTC
Hello,
I found a problem in ksh93 where over-shifting in a function puts the
interpreter into an indeterminate state.
Adding *any* redirection to a function call seems to suppress the
bailout and leads to undefined behavior.
*Here is the test-case:**
*<snip>
#!/usr/bin/ksh
some_func() {
shift 10
}
for i in a b c d e f; do
echo "read $i"
[ "$i" != "c" ] && continue
some_func 2>&1
echo "$i = c"
done
</snip>
*Output on ksh88 (Correct):**
*read a
read b
read c
test.ksh: shift: bad number
*Output on ksh93 (Undefined behavior):**
*read a
read b
read c
test.ksh[4]: shift: 10: bad number
c = c
read d
test.ksh[4]: shift: 10: bad number
d = c
read e
test.ksh[4]: shift: 10: bad number
e = c
read f
test.ksh[4]: shift: 10: bad number
f = c
*Output on ksh93 (Undefined behavior):**
*Redirecting STDERR to /dev/null to show the program flow more clearly.
read a
read b
read c
c = c
read d
d = c
read e
e = c
read f
f = c
*Here is the fix:**
*--- a/src/cmd/ksh93/sh/xec.c Tue Jul 16 12:43:53 2013
+++ b/src/cmd/ksh93/sh/xec.c Tue Jul 16 12:44:07 2013
@@ -1572,7 +1572,7 @@
unset_instance(nq,&node,&nr,mode);
sh_funstaks(slp->slchild,-1);
stkclose(slp->slptr);
- if(jmpval > SH_JMPFUN)
+ if(jmpval > SH_JMPFUN || (io &&
jmpval > SH_JMPIO) )
siglongjmp(*shp->jmplist,jmpval);
goto setexit;
}
I am also attaching the patch file with this email. Please let me know
on the fix.
Thanks,
Vijay
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.research.att.com/pipermail/ast-developers/attachments/20130717/2fd88de9/attachment.html>
-------------- next part --------------
--- a/src/cmd/ksh93/sh/xec.c Tue Jul 16 12:43:53 2013
+++ b/src/cmd/ksh93/sh/xec.c Tue Jul 16 12:44:07 2013
@@ -1572,7 +1572,7 @@
unset_instance(nq,&node,&nr,mode);
sh_funstaks(slp->slchild,-1);
stkclose(slp->slptr);
- if(jmpval > SH_JMPFUN)
+ if(jmpval > SH_JMPFUN || (io && jmpval > SH_JMPIO) )
siglongjmp(*shp->jmplist,jmpval);
goto setexit;
}
I found a problem in ksh93 where over-shifting in a function puts the
interpreter into an indeterminate state.
Adding *any* redirection to a function call seems to suppress the
bailout and leads to undefined behavior.
*Here is the test-case:**
*<snip>
#!/usr/bin/ksh
some_func() {
shift 10
}
for i in a b c d e f; do
echo "read $i"
[ "$i" != "c" ] && continue
some_func 2>&1
echo "$i = c"
done
</snip>
*Output on ksh88 (Correct):**
*read a
read b
read c
test.ksh: shift: bad number
*Output on ksh93 (Undefined behavior):**
*read a
read b
read c
test.ksh[4]: shift: 10: bad number
c = c
read d
test.ksh[4]: shift: 10: bad number
d = c
read e
test.ksh[4]: shift: 10: bad number
e = c
read f
test.ksh[4]: shift: 10: bad number
f = c
*Output on ksh93 (Undefined behavior):**
*Redirecting STDERR to /dev/null to show the program flow more clearly.
read a
read b
read c
c = c
read d
d = c
read e
e = c
read f
f = c
*Here is the fix:**
*--- a/src/cmd/ksh93/sh/xec.c Tue Jul 16 12:43:53 2013
+++ b/src/cmd/ksh93/sh/xec.c Tue Jul 16 12:44:07 2013
@@ -1572,7 +1572,7 @@
unset_instance(nq,&node,&nr,mode);
sh_funstaks(slp->slchild,-1);
stkclose(slp->slptr);
- if(jmpval > SH_JMPFUN)
+ if(jmpval > SH_JMPFUN || (io &&
jmpval > SH_JMPIO) )
siglongjmp(*shp->jmplist,jmpval);
goto setexit;
}
I am also attaching the patch file with this email. Please let me know
on the fix.
Thanks,
Vijay
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.research.att.com/pipermail/ast-developers/attachments/20130717/2fd88de9/attachment.html>
-------------- next part --------------
--- a/src/cmd/ksh93/sh/xec.c Tue Jul 16 12:43:53 2013
+++ b/src/cmd/ksh93/sh/xec.c Tue Jul 16 12:44:07 2013
@@ -1572,7 +1572,7 @@
unset_instance(nq,&node,&nr,mode);
sh_funstaks(slp->slchild,-1);
stkclose(slp->slptr);
- if(jmpval > SH_JMPFUN)
+ if(jmpval > SH_JMPFUN || (io && jmpval > SH_JMPIO) )
siglongjmp(*shp->jmplist,jmpval);
goto setexit;
}