Discussion:
[ast-developers] ksh core dump or mem corrupt.
phi
2013-10-08 13:33:33 UTC
Hi All,

Well I said in my last post I submitted a bug fix, but this bounced, I
guess I goofed with my 'From:' addr. Here it is again.

===========================================

I submitted a bug fix to debian, but pardon my ignorance I didn't know
that I got to send bug fix upstream first before this could reach
distros and os's.

So I subscribed to this list with my professional addr phi at hp.com and
propose the fix here to be discussed and maybe implemented.

I dunno if I got to provide a .patch (or some sort of diff) here, if so,
gently let me know how.

Problem description
===================

Using an interactive ksh93, typing ## at the prompt (and more generally
#<many other chars>) results in either core dump or memory corruption.

I reproduced this with a fresh install of debian i386, build and run.

The bug is located in src/cmd/ksh93/edit/edit.c function ed_histgen()

...

char *cp, **argv, **av, **ar;

argv=0; // <<==== Added this line
if(!(hp=ep->sh->gd->hist_ptr))
...

the exit sequence in latest source looks like this
ep->hlist = (Histmatch_t**)argv;
ep->hfirst = ep->hlist?ep->hlist[0]:0;
return(ep->hmax=ac);

When typing ## at prompt, we can reach the exit sequence with argv
uninitialised.

Cheers,
Phi
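
The control-flow pattern described in the post above, as an added example that is not part of the original message and not ksh source: a pointer assigned on only one path is published by a shared exit sequence. `struct edit`, `histgen`, `publishes_stale`, the `stale` parameter, the sample history and the empty-pattern early exit are all assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the editor state: only the three fields
 * named in the post's exit sequence are modelled. */
struct edit { char **hlist; char *hfirst; int hmax; };

/* Constructed history list for the demo. */
static char *history[] = { "ls -l", "make", "ls /tmp", NULL };

/* argv is assigned only on the search path, but every path reaches the
 * shared exit sequence. `stale` plays the role of whatever the stack slot
 * held, so the unfixed case is deterministic instead of undefined.
 * The empty-pattern test is an assumed stand-in for the early exit. */
static int histgen(struct edit *ep, const char *pat, char **stale, int fixed)
{
    char **argv = fixed ? NULL : stale;   /* fixed: models `argv=0;` */
    size_t n = strlen(pat);
    int ac = 0;

    if (n == 0)
        goto done;                        /* argv never assigned here */
    argv = calloc(sizeof history / sizeof *history, sizeof *argv);
    if (!argv)
        goto done;
    for (char **h = history; *h; h++)
        if (strncmp(*h, pat, n) == 0)
            argv[ac++] = *h;
done:
    ep->hlist = argv;
    ep->hfirst = ep->hlist ? ep->hlist[0] : NULL;
    return ep->hmax = ac;
}

/* 1 if the early exit publishes a pointer the function never set. */
static int publishes_stale(int fixed)
{
    char *junk[] = { "leftover", NULL };  /* constructed stack residue */
    struct edit e = { 0 };
    histgen(&e, "", junk, fixed);
    return e.hmax == 0 && e.hfirst != NULL;
}

int main(void)
{
    printf("without init: stale=%d\n", publishes_stale(0));
    printf("with argv=0:  stale=%d\n", publishes_stale(1));
    return 0;
}
```

The `ep->hlist ? ... : 0` guard in the exit sequence only protects the dereference when the pointer is reliably null on the paths that never assign it, which is what the one-line initialisation provides.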
Phi
2013-10-08 19:06:21 UTC
Hi All,

After a quick chat with Dgk, it appears that I was misled by distros.

The fix is already in latest source @att.com but not deployed by
distros. I am a newbie in the linux world, and I thought it was a kinda
dynamic place, and when I installed both wheezy (for debian) or 12.04
(for ubuntu) I really thought I was using the latest or not too old ksh.

On ubuntu 12.04 (precise) I get ksh_93u-1 source code and debian 7.1
(wheezy) got ksh_93u-1.2 both bugged.

It is sad that debian/ubuntu propose out of the box buggy ksh that core
dumps interactively with an easy to reach ## typing.

For unknown reason, suse seems immune, yet they also use ksh_93u.

If one of you knows how to approach some distro (debian?) maybe we could
advocate to get a later ksh out of the box.

Sorry for the false heads up.

Cheers,
Phi
Phi
2013-10-09 06:55:39 UTC
Actually the fix was in ksh93u which is an official release in
www.research.att.com/sw/download.
There must be a flaw then in debian and ubuntu, and maybe that explains
why suse looks immune, they all use various ksh93u+

Maybe there was a window for ksh93u that distro grabbed the source
from who got the bug, or they call ksh_93u+ something that is not 'u'.

Whatever it is 'modern' debian and ubuntu (3.x kernel) deserve a working
ksh out of the box, and this is not the case at time of writing.

I will get back to debian list and ask for a later source push.

My fear is that nobody cares about packaging (.deb) the ksh, I got no
idea about how they do that.

Cheers,
Phi
Irek Szczesniak
2013-10-09 10:23:20 UTC
> Actually the fix was in ksh93u which is an official release in
> www.research.att.com/sw/download.
> There must be a flaw then in debian and ubuntu, and maybe that explains why
> suse looks immune, they all use various ksh93u+
> Maybe there was a window for ksh93u that distro grabbed the source from
> who got the bug, or they call ksh_93u+ something that is not 'u'.
> Whatever it is 'modern' debian and ubuntu (3.x kernel) deserve a working ksh
> out of the box, and this is not the case at time of writing.
> I will get back to debian list and ask for a later source push.
> My fear is that nobody cares about packaging (.deb) the ksh, I got no idea
> about how they do that.

Didn't Olga say she'll take over the Debian ksh package? AFAIK she's
the candidate with the best qualifications.

Irek
