From nobody@FreeBSD.org  Thu Jan 18 18:09:20 2001
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 66A2C37B69B
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 18 Jan 2001 18:09:20 -0800 (PST)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f0J29KO34102;
	Thu, 18 Jan 2001 18:09:20 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200101190209.f0J29KO34102@freefall.freebsd.org>
Date: Thu, 18 Jan 2001 18:09:20 -0800 (PST)
From: hunt@iprg.nokia.com
To: freebsd-gnats-submit@FreeBSD.org
Subject: Fix for spurious "arith: syntax error: " problem in sh
X-Send-Pr-Version: www-1.0

>Number:         24443
>Category:       bin
>Synopsis:       Fix for spurious "arith: syntax error: " problem in sh
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 18 18:10:01 PST 2001
>Closed-Date:    Tue Nov 6 11:58:34 PST 2001
>Last-Modified:  Tue Nov 06 12:00:34 PST 2001
>Originator:     Peter Hunt
>Release:        3.4-RELEASE
>Organization:
Nokia IP Inc.
>Environment:
FreeBSD rebempire.iprg.nokia.com 3.4-RELEASE FreeBSD 3.4-RELEASE #0: Mon Mar 13 06:51:40 PST 2000     root@rebempire.iprg.nokia.com:/usr/src/sys/compile/IPRG  i386

>Description:
The symptom of the problem is a spurious arithmetic expression
syntax error when executing a shell script line of the form:

VARIABLE=$((1000 * 1024))

The error that appears is of the form:

scriptname: arith: syntax error: "o"

The problem is caused by an error in expari() in expand.c in sh.

>How-To-Repeat:
This problem is extremely hard to reproduce, as it depends
on the specifics of previous arithmetic expressions in the shell
script. I could reproduce it all the time with one very large
script, which I can't submit, but wasn't able to do so with 
smaller scripts.

>Fix:
The existing code does the following:

        CHECKSTRSPACE(12 - 2, expdest);
        USTPUTC('\0', expdest);
        start = stackblock();
        p = expdest;
        while (*p != CTLARI && p >= start)
                --p;

The problem is that expdest points to the next unused location on the
stack, so the character at that location is just garbage left over from
a previous expression. p is set to that location, so the first iteration
of the while loop will test that garbage character for CTLARI.

If it happens to be CTLARI, the code will attempt to evaluate the characters
above the top of the stack as an arithmetic expression, and (likely) fail.
This is what was happening in the case I saw.

The solution I propose is to change the while loop to a do loop:

        CHECKSTRSPACE(12 - 2, expdest);
        USTPUTC('\0', expdest);
        start = stackblock();
        p = expdest;
        do {
                --p;
        } while (*p != CTLARI && p >= start);

... so that p gets decremented before the first test.


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: jon 
State-Changed-When: Sun Sep 2 15:47:37 PDT 2001 
State-Changed-Why:  


http://www.FreeBSD.org/cgi/query-pr.cgi?pr=24443 
State-Changed-From-To: closed->open 
State-Changed-By: jon 
State-Changed-When: Sun Sep 2 15:48:04 PDT 2001 
State-Changed-Why:  
I did not mean to close this... 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=24443 
State-Changed-From-To: open->closed 
State-Changed-By: dwmalone 
State-Changed-When: Tue Nov 6 11:58:34 PST 2001 
State-Changed-Why:  
Fixed by tegge in -current and RELENG_4.  

Peter, if you want the fix merged into the RELENG_3 branch please 
mail me and I'll see if I can arrange it. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=24443 
>Unformatted:
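The stale-byte read described under >Description and >Fix can be shown deterministically in a small model. This is an added example, not code from the PR or from FreeBSD's sh: only the two loops come from the report, while the stack array, setup(), the find_expr_* names, the CTLARI value and the leftover bytes are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

#define CTLARI 0x86              /* marker byte; value assumed for this model */
static unsigned char stack[32];  /* stands in for sh's string stack block */

/* Loop from the report's existing code: the first test reads *expdest. */
static const char *find_expr_while(unsigned char *start, unsigned char *expdest)
{
    unsigned char *p = expdest;
    while (*p != CTLARI && p >= start)
        --p;
    return (const char *)(p + 1);  /* text following the marker found */
}

/* Loop from the proposed fix: step back onto written data before testing. */
static const char *find_expr_do(unsigned char *start, unsigned char *expdest)
{
    unsigned char *p = expdest;
    do {
        --p;
    } while (*p != CTLARI && p >= start);
    return (const char *)(p + 1);
}

/* Constructed stack contents: optional leftovers from an earlier expansion,
 * then CTLARI + the new expression + NUL written from offset 0.
 * Returns the model's expdest, the next unused byte (offset 13). */
static unsigned char *setup(int stale_marker)
{
    static const char expr[] = "1000 * 1024";
    memset(stack, 'x', sizeof stack);
    if (stale_marker) {
        stack[13] = CTLARI;      /* leftover marker exactly at expdest */
        stack[14] = 'o';
        stack[15] = '\0';
    }
    stack[0] = CTLARI;
    memcpy(stack + 1, expr, sizeof expr);  /* copies the NUL as well */
    return stack + 1 + sizeof expr;
}

int main(void)
{
    printf("while, stale marker:    \"%s\"\n", find_expr_while(stack, setup(1)));
    printf("do,    stale marker:    \"%s\"\n", find_expr_do(stack, setup(1)));
    printf("while, no stale marker: \"%s\"\n", find_expr_while(stack, setup(0)));
    return 0;
}
```

The third case shows why the report was hard to reproduce: the original loop only misbehaves when the unused byte at expdest happens to equal CTLARI.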
