From ru@whale.sunbay.crimea.ua  Wed Jun 27 05:39:02 2001
Return-Path: <ru@whale.sunbay.crimea.ua>
Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65])
	by hub.freebsd.org (Postfix) with ESMTP id 39CD337B40D
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 27 Jun 2001 05:38:58 -0700 (PDT)
	(envelope-from ru@whale.sunbay.crimea.ua)
Received: (from ru@localhost)
	by whale.sunbay.crimea.ua (8.11.2/8.11.2) id f5RCctW70257;
	Wed, 27 Jun 2001 15:38:55 +0300 (EEST)
	(envelope-from ru)
Message-Id: <200106271238.f5RCctW70257@whale.sunbay.crimea.ua>
Date: Wed, 27 Jun 2001 15:38:55 +0300 (EEST)
From: Ruslan Ermilov <ru@freebsd.org>
Reply-To: Ruslan Ermilov <ru@freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: sh(1) aborts on certain input
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         28449
>Category:       bin
>Synopsis:       sh(1) aborts on certain input
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    cracauer
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 27 05:40:07 PDT 2001
>Closed-Date:    Tue Mar 25 03:53:53 PST 2003
>Last-Modified:  Tue Mar 25 03:53:53 PST 2003
>Originator:     Ruslan Ermilov
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
Sunbay Software AG
>Environment:
System: FreeBSD perl.sunbay.crimea.ua 5.0-CURRENT FreeBSD 5.0-CURRENT #10: Wed Jun 27 06:27:24 EEST 2001 root@perl.sunbay.crimea.ua:/usr/obj/CURRENT/usr/src/sys/PERL i386


>Description:
sh(1) calls abort(3) on certain input (backslash followed by
the character with ASCII code 130).

>How-To-Repeat:
sh -c 'echo -e echo "\\\\\0202"' |sh
Abort trap - core dumped
>Fix:


>Release-Note:
>Audit-Trail:

From: Tor.Egge@fast.no
To: ru@FreeBSD.ORG
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/28449: sh(1) aborts on certain input
Date: Thu, 28 Jun 2001 04:07:07 +0200

 Try this patch.
 
 Index: expand.c
 ===================================================================
 RCS file: /home/ncvs/src/bin/sh/expand.c,v
 retrieving revision 1.32
 diff -u -r1.32 expand.c
 --- expand.c	2000/05/15 12:33:17	1.32
 +++ expand.c	2001/03/04 23:52:35
 @@ -315,7 +315,7 @@
  		goto lose;
  	*p = c;
  	while ((c = *home++) != '\0') {
 -		if (quotes && c >= 0 && SQSYNTAX[(int)c] == CCTL)
 +		if (quotes && SQSYNTAX[(int)c] == CCTL)
  			STPUTC(CTLESC, expdest);
  		STPUTC(c, expdest);
  	}
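Review bot: Dropping `c >= 0` in the `while ((c = *home++) != '\0')` loop means `SQSYNTAX[(int)c]` is now indexed with negative values for bytes above 127, and nothing in this hunk says why that is in bounds. It is only safe if SQSYNTAX points into the middle of its array, so add a comment at the lookup stating that invariant and the lowest index the table accepts, and confirm that `c` is a signed char type here so that high-bit bytes arrive as negative values rather than as 128 to 255.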
 @@ -478,7 +478,7 @@
  		}
  		lastc = *p++;
  		if (lastc != '\0') {
 -			if (quotes && lastc >= 0 && syntax[(int)lastc] == CCTL)
 +			if (quotes && syntax[(int)lastc] == CCTL)
  				STPUTC(CTLESC, dest);
  			STPUTC(lastc, dest);
  		}
 @@ -694,7 +694,7 @@
  			}
  			else {
  				while (*val) {
 -					if (quotes && *val >= 0 &&
 +					if (quotes &&
  					    syntax[(int)*val] == CCTL)
  						STPUTC(CTLESC, expdest);
  					STPUTC(*val++, expdest);
 @@ -866,7 +866,7 @@
  	if (allow_split) { \
  		syntax = quoted? DQSYNTAX : BASESYNTAX; \
  		while (*p) { \
 -			if (*p >= 0 && syntax[(int)*p] == CCTL) \
 +			if (syntax[(int)*p] == CCTL) \
  				STPUTC(CTLESC, expdest); \
  			STPUTC(*p++, expdest); \
  		} \
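Review bot: The test `syntax[(int)*p] == CCTL` in this macro is the fourth copy of the same "write CTLESC before a CCTL byte" check among the expand.c hunks, and here it sits inside a backslash-continued macro where `*p` is read in the test and again in `STPUTC(*p++, expdest)`. Consider moving the check into one small helper or macro shared by all four sites, so the indexing rule for the syntax tables is written and reviewed once.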
 Index: mksyntax.c
 ===================================================================
 RCS file: /home/ncvs/src/bin/sh/mksyntax.c,v
 retrieving revision 1.15
 diff -u -r1.15 mksyntax.c
 --- mksyntax.c	2001/06/19 15:41:57	1.15
 +++ mksyntax.c	2001/06/21 21:54:20
 @@ -352,9 +352,9 @@
  
  static char *macro[] = {
  	"#define is_digit(c)\t((c >= 0 && is_type+SYNBASE)[c] & ISDIGIT)",
 -	"#define is_alpha(c)\t((c) != PEOF && ((c) < CTLESC || (c) > CTLENDARI) && isalpha((unsigned char) (c)))",
 -	"#define is_name(c)\t((c) != PEOF && ((c) < CTLESC || (c) > CTLENDARI) && ((c) == '_' || isalpha((unsigned char) (c))))",
 -	"#define is_in_name(c)\t((c) != PEOF && ((c) < CTLESC || (c) > CTLENDARI) && ((c) == '_' || isalnum((unsigned char) (c))))",
 +	"#define is_alpha(c)\t((c) != PEOF && ((c) < CTLESC || (c) > CTLQUOTEMARK) && isalpha((unsigned char) (c)))",
 +	"#define is_name(c)\t((c) != PEOF && ((c) < CTLESC || (c) > CTLQUOTEMARK) && ((c) == '_' || isalpha((unsigned char) (c))))",
 +	"#define is_in_name(c)\t((c) != PEOF && ((c) < CTLESC || (c) > CTLQUOTEMARK) && ((c) == '_' || isalnum((unsigned char) (c))))",
  	"#define is_special(c)\t((is_type+SYNBASE)[c] & (ISSPECL|ISDIGIT))",
  	NULL
  };
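Review bot: The upper bound in `is_alpha`, `is_name` and `is_in_name` changes from CTLENDARI to CTLQUOTEMARK with no explanation, and it is not obviously related to removing the `>= 0` guards in the other files. Say in the commit message why the bound changes, and consider one range macro shared by the three definitions so the bound is stated once. Separately, the unchanged `is_digit` line reads `((c >= 0 && is_type+SYNBASE)[c] & ISDIGIT)`, which applies the subscript to the result of `&&` and still carries a `c >= 0` test; it should be brought in line with `is_special` just below it.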
 Index: parser.c
 ===================================================================
 RCS file: /home/ncvs/src/bin/sh/parser.c,v
 retrieving revision 1.36
 diff -u -r1.36 parser.c
 --- parser.c	2001/04/09 12:46:19	1.36
 +++ parser.c	2001/04/17 18:27:52
 @@ -977,7 +977,7 @@
  					    c != '`' && c != '$' &&
  					    (c != '"' || eofmark != NULL))
  						USTPUTC('\\', out);
 -					if (c >= 0 && SQSYNTAX[c] == CCTL)
 +					if (SQSYNTAX[c] == CCTL)
  						USTPUTC(CTLESC, out);
  					else if (eofmark == NULL)
  						USTPUTC(CTLQUOTEMARK, out);
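Review bot: Without `c >= 0`, a high-bit byte that the table classes as CCTL no longer falls through to the `else if (eofmark == NULL)` branch, so it now gets CTLESC where it used to get CTLQUOTEMARK; that is a behaviour change in both branches, not only a bounds question. `SQSYNTAX[c]` is also written without the `(int)` cast that the expand.c sites use, so make the sites consistent. Add the reproducer from the PR's How-To-Repeat as a regression test for this path.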
 @@ -1496,7 +1496,7 @@
  			continue;
  		if (c == CTLESC)
  			p++;
 -		else if (c >= 0 && BASESYNTAX[(int)c] == CCTL)
 +		else if (BASESYNTAX[(int)c] == CCTL)
  			return 0;
  	}
  	return 1;
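Review bot: In the `else if` before `return 0`, a byte above 127 that BASESYNTAX classes as CCTL now ends the loop with 0, where the old `c >= 0` test let it pass. That is only right if every string reaching this loop has such bytes preceded by CTLESC, so state that precondition in a comment above the loop and check it against the expand.c changes in this patch.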
 
 
 - Tor Egge

From: Ruslan Ermilov <ru@FreeBSD.ORG>
To: Tor.Egge@fast.no
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/28449: sh(1) aborts on certain input
Date: Fri, 29 Jun 2001 10:11:22 +0300

 Nope, doesn't work.  Your patch only hides the real bug, and
 simply backs out changes Martin did in parser.c,v 1.27, etc.
 
 > Index: parser.c
 > ===================================================================
 > RCS file: /home/ncvs/src/bin/sh/parser.c,v
 > retrieving revision 1.36
 > diff -u -r1.36 parser.c
 > --- parser.c	2001/04/09 12:46:19	1.36
 > +++ parser.c	2001/04/17 18:27:52
 > @@ -977,7 +977,7 @@
 >  					    c != '`' && c != '$' &&
 >  					    (c != '"' || eofmark != NULL))
 >  						USTPUTC('\\', out);
 > -					if (c >= 0 && SQSYNTAX[c] == CCTL)
 > +					if (SQSYNTAX[c] == CCTL)
 >  						USTPUTC(CTLESC, out);
 >  					else if (eofmark == NULL)
 >  						USTPUTC(CTLQUOTEMARK, out);
 
 With my test, `c' will be -126 here, and SQSYNTAX[-126] is obviously the
 wrong thing.
 
 Funny though, I've managed to make an almost identical patch before I sent
 a PR.  :-)
 
 Then realized that it's bogus, and the actual problem is that our sh(1)
 is not 8-bit clean (apparently).
 
 
 Cheers,
 -- 
 Ruslan Ermilov		Oracle Developer/DBA,
 ru@sunbay.com		Sunbay Software AG,
 ru@FreeBSD.org		FreeBSD committer,
 +380.652.512.251	Simferopol, Ukraine
 
 http://www.FreeBSD.org	The Power To Serve
 http://www.oracle.com	Enabling The Information Age

From: Tor.Egge@fast.no
To: ru@FreeBSD.ORG
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/28449: sh(1) aborts on certain input
Date: Fri, 29 Jun 2001 14:14:49 +0200

 > With my test, `c' will be -126 here, and SQSYNTAX[-126] is obviously the
 > wrong thing.
 
 It is obviously the right thing.
 
 From the generated file syntax.h:
 
 
 	#define SYNBASE 129
 	#define SQSYNTAX (sqsyntax + SYNBASE)
 
 i.e. SQSYNTAX[-126] becomes (sqsyntax + 129)[-126] which is sqsyntax[3].
 
 
 - Tor Egge
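
The biased-table lookup described in the message above, as an added example that is not part of the original thread or of FreeBSD's sh source. It shows why a negative index is in bounds once the table pointer is offset by SYNBASE, and what the removed `c >= 0` guard did to a high-bit control byte. Only SYNBASE is taken from the thread; `table`, `SYNTAX`, `ESC`, `slot_for`, `escape_ctl`, the class codes and the control-byte range are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

#define SYNBASE 129                  /* value quoted from syntax.h in the thread */
#define TABLE_SIZE (SYNBASE + 128)   /* assumed: one slot per index -129..127 */
enum { CWORD = 0, CCTL = 1 };        /* assumed class codes */
#define ESC ((char)-127)             /* assumed marker byte, stands in for CTLESC */

static unsigned char table[TABLE_SIZE];
#define SYNTAX (table + SYNBASE)     /* same shape as SQSYNTAX in the thread */

/* Class bytes 0201..0210 (signed: -127..-120) as control bytes.
 * The range is constructed for this example. */
static void init_table(void)
{
    memset(table, CWORD, sizeof table);
    for (int c = -127; c <= -120; c++)
        SYNTAX[c] = CCTL;
}

/* Slot of the underlying array that a (possibly negative) index selects. */
static int slot_for(int c)
{
    return (int)(&SYNTAX[c] - table);
}

/* Copy n bytes, writing ESC before each control byte; returns bytes written.
 * guard != 0 reproduces the "c >= 0 &&" test that the patch removes. */
static size_t escape_ctl(const signed char *in, size_t n, char *out, int guard)
{
    size_t w = 0;
    for (size_t i = 0; i < n; i++) {
        int c = in[i];
        if ((!guard || c >= 0) && SYNTAX[c] == CCTL)
            out[w++] = ESC;
        out[w++] = (char)c;
    }
    return w;
}

int main(void)
{
    const signed char in[] = { 'a', -126, 'b' };  /* constructed; -126 is byte 0202 */
    char out[2 * sizeof in];
    init_table();
    /* Exit status 0 when: slot 3, guarded copy 3 bytes, unguarded copy 4 bytes. */
    return !(slot_for(-126) == 3 && escape_ctl(in, 3, out, 1) == 3 &&
             escape_ctl(in, 3, out, 0) == 4);
}
```

With the guard in place the control byte is copied through unescaped; without it the byte is looked up at slot 3 and escaped.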

From: Ruslan Ermilov <ru@FreeBSD.ORG>
To: Tor.Egge@fast.no
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/28449: sh(1) aborts on certain input
Date: Fri, 29 Jun 2001 15:18:20 +0300

 Ouch, then this definitely works for me, at least this doesn't
 abort(3) anymore.
 
 On Fri, Jun 29, 2001 at 02:14:49PM +0200, Tor.Egge@fast.no wrote:
 > 
 > 
 > > With my test, `c' will be -126 here, and SQSYNTAX[-126] is obviously the
 > > wrong thing.
 > 
 > It is obviously the right thing.
 > 
 > From the generated file syntax.h:
 > 
 > 
 > 	#define SYNBASE 129
 > 	#define SQSYNTAX (sqsyntax + SYNBASE)
 > 
 > i.e. SQSYNTAX[-126] becomes (sqsyntax + 129)[-126] which is sqsyntax[3].
 > 
 > - Tor Egge
 
 -- 
 Ruslan Ermilov		Oracle Developer/DBA,
 ru@sunbay.com		Sunbay Software AG,
 ru@FreeBSD.org		FreeBSD committer,
 +380.652.512.251	Simferopol, Ukraine
 
 http://www.FreeBSD.org	The Power To Serve
 http://www.oracle.com	Enabling The Information Age
Responsible-Changed-From-To: freebsd-bugs->cracauer 
Responsible-Changed-By: kris 
Responsible-Changed-When: Sun Jul 1 14:29:33 PDT 2001 
Responsible-Changed-Why:  
Martin is the sh maintainer 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=28449 
State-Changed-From-To: open->closed 
State-Changed-By: tjr 
State-Changed-When: Tue Mar 25 03:53:29 PST 2003 
State-Changed-Why:  
This has been fixed in -current and -stable for a while now. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=28449 
>Unformatted:
