Attached is an initial patch to rebuild using
https://github.com/google/sanitizers/wiki/AddressSanitizer
Tested on Fedora 26. Basically, add -fsanitize=address to
the CCFLAGS, and run under gdb like this:
$ ASAN_OPTIONS=abort_on_error=1 /path/to/ksh
This is not a complete patch, but with it one should
be able to run scripts and find more issues, which might
be harder to address properly.
This patch is mostly a s/memcmp/strncmp/, with string-length
checks in a few places — just enough to be able to start ksh
without a fatal error caused by address errors.
A proper patch should replace every memcmp with strncmp,
unless it can be shown that the memcmp cannot read out-of-bounds memory.
Thanks,
Paulo
diff -up ksh-20120801/src/cmd/ksh93/sh/io.c.orig ksh-20120801/src/cmd/ksh93/sh/io.c
--- ksh-20120801/src/cmd/ksh93/sh/io.c.orig 2017-03-24 12:26:02.247570569 -0300
+++ ksh-20120801/src/cmd/ksh93/sh/io.c 2017-03-24 12:27:18.027760561 -0300
@@ -2703,7 +2703,7 @@ Sfio_t *sh_pathopen(const char *cp)
int sh_isdevfd(register const char *fd)
{
- if(!fd || memcmp(fd,"/dev/fd/",8) || fd[8]==0)
+ if(!fd || strncmp(fd,"/dev/fd/",8) || strlen(fd)==8)
return(0);
for ( fd=&fd[8] ; *fd != '\0' ; fd++ )
{
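Review bot: The `strlen(fd)==8` test added on the changed line scans the whole string where the original index test was already safe once strncmp has matched: `"/dev/fd/"` has exactly eight non-NUL bytes, so a zero result from `strncmp(fd,"/dev/fd/",8)` guarantees fd has at least eight bytes before its terminator and `fd[8]` is in bounds. Only the memcmp-to-strncmp part is needed here: `if(!fd || strncmp(fd,"/dev/fd/",8) || fd[8]==0)`. The body of sh_isdevfd continues past the end of the hunk.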
diff -up ksh-20120801/src/cmd/ksh93/sh/nvtree.c.orig ksh-20120801/src/cmd/ksh93/sh/nvtree.c
--- ksh-20120801/src/cmd/ksh93/sh/nvtree.c.orig 2017-03-24 12:47:16.665294813 -0300
+++ ksh-20120801/src/cmd/ksh93/sh/nvtree.c 2017-03-24 12:48:41.610299351 -0300
@@ -188,7 +188,7 @@ void *nv_diropen(Namval_t *np,const char
{
char *cp = nv_name(dp->hp);
c = strlen(cp);
- if(memcmp(name,cp,c) || name[c]!='[')
+ if(strncmp(name,cp,c) || (strlen(name)>c && name[c]!='['))
dp->hp = (Namval_t*)dtnext(dp->root,dp->hp);
else
{
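Review bot: The added `strlen(name)>c &&` guard on the changed line is redundant and changes behaviour. Since `c = strlen(cp)` two lines above, a zero result from `strncmp(name,cp,c)` means name holds at least c non-NUL bytes, so `name[c]` is already in bounds (it is either the terminator or a further character). With the guard, a name equal to cp (`strlen(name)==c`) now takes the else branch, whereas the original advanced dp->hp; unless that change is intended, keep the original index test: `if(strncmp(name,cp,c) || name[c]!='[')`. The enclosing loop in nv_diropen starts and ends outside the hunk.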
@@ -266,7 +266,7 @@ static Namval_t *nextnode(struct nvdir *
{
if(dp->nextnode)
return((*dp->nextnode)(dp->hp,dp->root,dp->fun));
- if(dp->len && memcmp(dp->data, dp->hp->nvname, dp->len))
+ if(dp->len && strncmp(dp->data, dp->hp->nvname, dp->len))
return(0);
return((Namval_t*)dtnext(dp->root,dp->hp));
}
diff -up ksh-20120801/src/cmd/ksh93/sh/name.c.orig ksh-20120801/src/cmd/ksh93/sh/name.c
--- ksh-20120801/src/cmd/ksh93/sh/name.c.orig 2017-03-24 13:13:32.878150777 -0300
+++ ksh-20120801/src/cmd/ksh93/sh/name.c 2017-03-24 13:17:06.675076991 -0300
@@ -222,7 +222,7 @@ Namval_t *nv_addnode(Namval_t* np, int r
nv_delete(np,root,NV_NOFREE);
np = nv_search(sp->rp->nvname,root,NV_ADD);
}
- if(sp->numnodes && memcmp(np->nvname,NV_CLASS,sizeof(NV_CLASS)-1))
+ if(sp->numnodes && strncmp(np->nvname,NV_CLASS,sizeof(NV_CLASS)-1))
{
name = (sp->nodes[0])->nvname;
i = strlen(name);
diff -up ksh-20120801/src/cmd/ksh93/sh/nvtree.c.orig ksh-20120801/src/cmd/ksh93/sh/nvtree.c
--- ksh-20120801/src/cmd/ksh93/sh/nvtree.c.orig 2017-03-24 13:08:04.316909261 -0300
+++ ksh-20120801/src/cmd/ksh93/sh/nvtree.c 2017-03-24 13:08:12.348719602 -0300
@@ -311,7 +311,7 @@ char *nv_dirnext(void *dir)
dp->hp = (*dp->nextnode)(np,(Dt_t*)0,dp->fun);
}
sh.last_table = last_table;
- if(!dp->len || memcmp(cp,dp->data,dp->len)==0)
+ if(!dp->len || strncmp(cp,dp->data,dp->len)==0)
{
if((nfp=nextdisc(np)) && (nfp->disc->getval||nfp->disc->getnum) && nv_isvtree(np) && strcmp(cp,dp->data))
nfp = 0;
diff -up ksh-20120801/src/cmd/ksh93/sh/nvtype.c.orig ksh-20120801/src/cmd/ksh93/sh/nvtype.c
--- ksh-20120801/src/cmd/ksh93/sh/nvtype.c.orig 2017-03-24 13:33:53.695111186 -0300
+++ ksh-20120801/src/cmd/ksh93/sh/nvtype.c 2017-03-24 13:33:59.074983225 -0300
@@ -898,7 +898,7 @@ Namval_t *nv_mktype(Namval_t **nodes, in
continue;
}
nnodes++;
- if(name && memcmp(&name[m],&np->nvname[m],n)==0 && np->nvname[m+n]=='.')
+ if(name && strncmp(&name[m],&np->nvname[m],n)==0 && np->nvname[m+n]=='.')
offset -= sizeof(char*);
dsize = nv_datasize(np,&offset);
if(!nv_isarray(np) && (dp=(Namtype_t*)nv_hasdisc(np, &type_disc)))
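Review bot: After the switch to strncmp on the changed line, `np->nvname[m+n]=='.'` is only in bounds if `&name[m]` holds at least n non-NUL bytes: strncmp also returns 0 when both strings end at the same position before n, and in that case `np->nvname[m+n]` lies past the terminator. The hunk does not show how n is derived; if it is the length of the suffix of name being matched, the read is safe and a comment such as `/* n == strlen(&name[m]), so nvname has at least m+n bytes here */` would record the invariant, otherwise a length check is still needed. The same applies to the hunk at line 1070 of nvtype.c, which has the same shape. nv_mktype begins and ends outside both hunks.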
diff -up ksh-20120801/src/cmd/ksh93/sh/subshell.c.orig ksh-20120801/src/cmd/ksh93/sh/subshell.c
--- ksh-20120801/src/cmd/ksh93/sh/subshell.c.orig 2017-03-24 13:35:39.224601167 -0300
+++ ksh-20120801/src/cmd/ksh93/sh/subshell.c 2017-03-24 13:36:39.727162114 -0300
@@ -295,7 +295,7 @@ Namval_t *sh_assignok(register Namval_t
{
walk = root->walk?root->walk:root;
mpnext = dtnext(root,mp);
- if(memcmp(name,mp->nvname,len) || mp->nvname[len]!='.')
+ if(strncmp(name,mp->nvname,len) || (strlen(mp->nvname)>len && mp->nvname[len]!='.'))
break;
nv_delete(mp,walk,NV_NOFREE);
*((Namval_t**)mp) = lp->child;
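Review bot: The added `strlen(mp->nvname)>len &&` on the changed line is unnecessary for bounds safety and alters when the loop exits. A zero result from `strncmp(name,mp->nvname,len)` with name at least len bytes long guarantees mp->nvname also has len non-NUL bytes, so `mp->nvname[len]` is readable without the guard (the hunk does not show that len<=strlen(name), but that is the natural reading of the code). With the guard, a node whose name is exactly name (length len) no longer breaks and reaches nv_delete on the next context line, where the original stopped; if that is not intended, use `if(strncmp(name,mp->nvname,len) || mp->nvname[len]!='.')`. The enclosing loop in sh_assignok is outside the hunk.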
diff -up ksh-20120801/src/cmd/ksh93/sh/nvtype.c.orig ksh-20120801/src/cmd/ksh93/sh/nvtype.c
--- ksh-20120801/src/cmd/ksh93/sh/nvtype.c.orig 2017-03-24 16:10:34.022879267 -0300
+++ ksh-20120801/src/cmd/ksh93/sh/nvtype.c 2017-03-24 16:10:40.882713086 -0300
@@ -1070,7 +1070,7 @@ Namval_t *nv_mktype(Namval_t **nodes, in
np->nvenv = 0;
}
nq->nvname = cp;
- if(name && memcmp(name,&np->nvname[m],n)==0 && np->nvname[m+n]=='.')
+ if(name && strncmp(name,&np->nvname[m],n)==0 && np->nvname[m+n]=='.')
offset -= sizeof(char*);
dsize = nv_datasize(np,&offset);
cp = strcopy(name=cp, &np->nvname[m]);
diff -up ksh-20120801/src/cmd/ksh93/sh/name.c.orig ksh-20120801/src/cmd/ksh93/sh/name.c
--- ksh-20120801/src/cmd/ksh93/sh/name.c.orig 2017-03-24 17:29:11.550619687 -0300
+++ ksh-20120801/src/cmd/ksh93/sh/name.c 2017-03-24 17:29:55.991547952 -0300
@@ -1425,7 +1425,7 @@ Namval_t *nv_open(const char *name, Dt_t
{
if(xp->root!=root)
continue;
- if(*name==*xp->name && xp->namespace==shp->namespace && (flags&(NV_ARRAY|NV_NOSCOPE))==xp->flags && memcmp(xp->name,name,xp->len)==0 && (name[xp->len]==0 || name[xp->len]=='=' || name[xp->len]=='+'))
+ if(*name==*xp->name && xp->namespace==shp->namespace && (flags&(NV_ARRAY|NV_NOSCOPE))==xp->flags && strlen(name)>=xp->len && memcmp(xp->name,name,xp->len)==0 && (name[xp->len]==0 || name[xp->len]=='=' || name[xp->len]=='+'))
{
sh_stats(STAT_NVHITS);
np = xp->np;
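Review bot: This hunk keeps memcmp and instead adds `strlen(name)>=xp->len` in front of it, which scans the whole of name for every cache entry the loop visits and is inconsistent with the rest of the patch. `strncmp(xp->name,name,xp->len)==0` gives the same bounds guarantee without the scan, provided xp->len is the length of xp->name (the hunk does not show this, but the field name suggests it); with that, a match also makes the following `name[xp->len]` reads safe. The enclosing loop in nv_open starts and ends outside the hunk.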