author | dsainty <dsainty> | 2015-09-07 06:43:48 +0000 |
---|---|---|
committer | dsainty <dsainty> | 2015-09-07 06:43:48 +0000 |
commit | 568dbad88f4bf49a78c9a37cc3079d5d534c4a6d (patch) | |
tree | 942b144fa9fbd3fc78fad7a9c457c4b49367c71c /shells | |
parent | 1d565495a1d70e438ce47a142c97e789070e45d7 (diff) | |
download | pkgsrc-568dbad88f4bf49a78c9a37cc3079d5d534c4a6d.tar.gz |
On Linux, Bash is fine if you don't mind your package builds spending 50% of
their time compiling, and 50% spinning in shell scripts. If you'd rather
spend your power bill on useful gcc cycles though, you might desire to use a
different shell for running build scripts - like pdksh, which is conveniently
available at bootstrap time.
But what if pdksh does this to you?
    pdksh -c 'f=`pdksh -c set | wc -l`; f=$((f+1)); while ((f < 100000)); do f=$((f+1)); eval "v_${f}=0"; echo "$f"; done'|tail -1
    13106
    segmentation fault (core dumped) pdksh -c
Well that's annoying, isn't it.
    % echo $(((13106*10+7)/8))
    16383
... that's a magical number. Coincidence? Well, no.
    tp->nfree = 8*nsize/10; /* table can get 80% full */
This particularly ugly overflow happens because tp->size is a short. When
texpand() does:
    p = &ntblp[hash(tblp->name) & (tp->size-1)];
tp->size-1 will, given enough variables (80% of 2^15), type coerce into a
sign-extended 32-bit value of:
    info registers $ecx
    ecx 0xffff7fff -32769
That hash() function does more or less what you guess, it's a 32 bit unsigned
value. The chances of the final pointer pointing inside the valid allocated
block of memory are very low indeed.
The least-change solution is to change tp->size to a 32 bit value. I've left
it signed because that matches, for example, the size parameter passed to
texpand(). But really this code would be more correct with a liberal
sprinkling of "unsigned", and perhaps a bit of "size_t".
This change allows ffmpeg's configure script, as interpreted by pdksh, to
produce more usable output than a core file.
Bump PKGREVISION for code change.
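The sign extension described in the commit message, as an added example that is not part of the original commit or of pdksh: it computes the `size-1` mask with the size held in a `short` and in an `int`. The function names and the sample hash value are constructed for illustration, and the `short` conversion assumes the usual two's-complement wraparound.

```c
#include <stdint.h>
#include <stdio.h>

/* Mask as computed when the table size lives in a short (table.h before the
 * change). Converting 32768 to short is implementation-defined in C; on the
 * usual two's-complement compilers it wraps to -32768 (assumption). */
static uint32_t mask_with_short(int nsize)
{
    short size = (short)nsize;      /* 32768 becomes -32768 */
    return (uint32_t)(size - 1);    /* promoted to int: -32769 = 0xffff7fff */
}

/* Mask with the field widened to int, as in the patched table.h. */
static uint32_t mask_with_int(int nsize)
{
    int size = nsize;
    return (uint32_t)(size - 1);
}

/* Returns 1 if the masked hash is a valid slot in an nsize-entry table. */
static int index_in_bounds(uint32_t hash, uint32_t mask, int nsize)
{
    return (hash & mask) < (uint32_t)nsize;
}

int main(void)
{
    const uint32_t h = 0x9e3779b9u; /* constructed sample hash value */

    /* Walk the power-of-two sizes around the 2^15 boundary. */
    for (int nsize = 8192; nsize <= 32768; nsize *= 2) {
        uint32_t ms = mask_with_short(nsize);
        uint32_t mi = mask_with_int(nsize);
        printf("nsize=%5d short mask=0x%08x (%s) int mask=0x%08x (%s)\n",
               nsize,
               (unsigned)ms, index_in_bounds(h, ms, nsize) ? "ok" : "OUT OF BOUNDS",
               (unsigned)mi, index_in_bounds(h, mi, nsize) ? "ok" : "OUT OF BOUNDS");
    }
    return 0;
}
```
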
Diffstat (limited to 'shells')
-rw-r--r-- | shells/pdksh/Makefile | 4 |
-rw-r--r-- | shells/pdksh/files/table.h | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/shells/pdksh/Makefile b/shells/pdksh/Makefile index d348da6d5f0..f6494366aaf 100644 --- a/shells/pdksh/Makefile +++ b/shells/pdksh/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.22 2014/10/09 14:06:56 wiz Exp $ +# $NetBSD: Makefile,v 1.23 2015/09/07 06:43:48 dsainty Exp $ # DISTNAME= pdksh-5.2.14 -PKGREVISION= 5 +PKGREVISION= 6 CATEGORIES= shells MASTER_SITES= ftp://ftp.cs.mun.ca/pub/pdksh/ \ http://gd.tuwien.ac.at/utils/shells/pdksh/ \ diff --git a/shells/pdksh/files/table.h b/shells/pdksh/files/table.h index 637d1c82b22..cfbe9b66356 100644 --- a/shells/pdksh/files/table.h +++ b/shells/pdksh/files/table.h @@ -1,4 +1,4 @@ -/* $NetBSD: table.h,v 1.2 2008/05/31 16:47:37 tnn Exp $ */ +/* $NetBSD: table.h,v 1.3 2015/09/07 06:43:48 dsainty Exp $ */ /* * generic hashed associative table for commands and variables. @@ -6,7 +6,7 @@ struct table { Area *areap; /* area to allocate entries */ - short size, nfree; /* hash size (always 2^^n), free entries */ + int size, nfree; /* hash size (always 2^^n), free entries */ struct tbl **tbls; /* hashed table items */ }; |
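Review bot: In the `struct table` hunk of table.h, `size` and `nfree` are widened to `int` but stay signed, so `tp->size-1` is still a signed mask applied to the 32-bit unsigned hash() result; declaring both as `unsigned int` (or `size_t`, which the commit message itself points to) would keep the mask free of sign extension for every power of two the field can hold. Widening moves the wrap point rather than removing it, so an explicit upper bound on the new size in texpand() before the table is grown would turn any future wrap into a clean failure instead of an out-of-bounds pointer. Please also confirm that no local variable or parameter elsewhere still carries the table size or the 80% `nfree` threshold in a `short`, since this hunk changes only the struct field.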