Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 9 Apr 2016 14:24:17 +0000 (UTC)
From:      Jilles Tjoelker <jilles@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r297750 - in stable/10/bin/sh: . tests/builtins
Message-ID:  <201604091424.u39EOHeU088320@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: jilles
Date: Sat Apr  9 14:24:17 2016
New Revision: 297750
URL: https://svnweb.freebsd.org/changeset/base/297750

Log:
  MFC r297360: sh: Fix use-after-free if a trap replaces itself.
  
  The mergeinfo for this commit was accidentally added to the previous commit.

Added:
  stable/10/bin/sh/tests/builtins/trap17.0
     - copied unchanged from r297360, head/bin/sh/tests/builtins/trap17.0
Modified:
  stable/10/bin/sh/tests/builtins/Makefile
  stable/10/bin/sh/trap.c

Modified: stable/10/bin/sh/tests/builtins/Makefile
==============================================================================
--- stable/10/bin/sh/tests/builtins/Makefile	Sat Apr  9 14:09:14 2016	(r297749)
+++ stable/10/bin/sh/tests/builtins/Makefile	Sat Apr  9 14:24:17 2016	(r297750)
@@ -127,6 +127,7 @@ FILES+=		trap11.0
 FILES+=		trap12.0
 FILES+=		trap13.0
 FILES+=		trap14.0
+FILES+=		trap17.0
 FILES+=		trap2.0
 FILES+=		trap3.0
 FILES+=		trap4.0

Copied: stable/10/bin/sh/tests/builtins/trap17.0 (from r297360, head/bin/sh/tests/builtins/trap17.0)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ stable/10/bin/sh/tests/builtins/trap17.0	Sat Apr  9 14:24:17 2016	(r297750, copy of r297360, head/bin/sh/tests/builtins/trap17.0)
@@ -0,0 +1,10 @@
+# $FreeBSD$
+# This use-after-free bug probably needs non-default settings to show up.
+
+v1=nothing v2=nothing
+trap 'trap "echo bad" USR1
+v1=trap_received
+v2=trap_invoked
+:' USR1
+kill -USR1 "$$"
+[ "$v1.$v2" = trap_received.trap_invoked ]

Modified: stable/10/bin/sh/trap.c
==============================================================================
--- stable/10/bin/sh/trap.c	Sat Apr  9 14:09:14 2016	(r297749)
+++ stable/10/bin/sh/trap.c	Sat Apr  9 14:24:17 2016	(r297750)
@@ -403,6 +403,7 @@ onsig(int signo)
 void
 dotrap(void)
 {
+	struct stackmark smark;
 	int i;
 	int savestatus, prev_evalskip, prev_skipcount;
 
@@ -436,7 +437,9 @@ dotrap(void)
 
 					last_trapsig = i;
 					savestatus = exitstatus;
-					evalstring(trap[i], 0);
+					setstackmark(&smark);
+					evalstring(stsavestr(trap[i]), 0);
+					popstackmark(&smark);
 
 					/*
 					 * If such a command was not

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201604091424.u39EOHeU088320>