about summary refs log tree commit diff
path: root/src/misc/wordexp.c
Commit message (Collapse)AuthorAgeFilesLines
* fix and refactor child reaping logic in wordexpRich Felker2013-11-221-6/+16
| | | | | | loop condition was incorrect and confusing and caused an infinite loop when (broken) applications reaped the pid from a signal handler or another thread before wordexp's call to waitpid could do so.
* fix fd leak and case where fd 1 is already closed in wordexpRich Felker2013-11-221-4/+4
|
* fix resource exhaustion and zero-word cases in wordexpRich Felker2013-11-221-8/+18
| | | | | | | | | | | | | when WRDE_NOSPACE is returned, the we_wordv and we_wordc members must be valid, because the interface contract allows them to return partial results. in the case of zero results (due either to resource exhaustion or a zero-word input) the we_wordv array still should contain a terminating null pointer and the initial we_offs null pointers. this is impossible on resource exhaustion, so a correct application must presumably check for a null pointer in we_wordv; POSIX however seems to ignore the issue. the previous code may have crashed under this situation.
* improve robustness of wordexp and fix handling of 0-word caseRich Felker2013-11-221-11/+16
| | | | | | | | | | | | | | | | | | | | avoid using exit status to determine if a shell error occurred, since broken programs may install SIGCHLD handlers which reap all zombies, including ones that don't belong to them. using clone and __WCLONE does not seem to work for avoiding this problem since exec resets the exit signal to SIGCHLD. instead, the new code uses a dummy word at the beginning of the shell's output, which is ignored, to determine whether the command was executed successfully. this also fixes a corner case where a word string containing zero words was interpreted as a single zero-length word rather than no words at all. POSIX does not seem to require this case to be supported anyway, though. in addition, the new code uses the correct retry idiom for waitpid to ensure that spurious STOP/CONT signals in the child and/or EINTR in the parent do not prevent successful wait for the child, and blocks signals in the child.
* use restrict everywhere it's required by c99 and/or posix 2008Rich Felker2012-09-061-1/+1
| | | | | | | | to deal with the fact that the public headers may be used with pre-c99 compilers, __restrict is used in place of restrict, and defined appropriately for any supported compiler. we also avoid the form [restrict] since older versions of gcc rejected it due to a bug in the original c99 standard, and instead use the form *restrict.
* wordexp must set the we_offs entries of we_wordv to null pointersRich Felker2012-04-161-0/+4
|
* fix crash in wordfree if we_offs is not initialized by the callerRich Felker2012-04-161-0/+2
| | | | | | | I'm not sure if it's legal for wordexp to modify this field, but this is the only easy/straightforward fix, and applications should not care. if it's an issue, i can work out a different (but more complex) solution later.
* wordexp cannot use we_offs unless WRDE_DOOFFS flag is setRich Felker2011-06-251-1/+2
| | | | | | previously, a potentially-indeterminate value from we_offs was being used, resulting in wrong we_wordc and subsequent crashes in the caller.
* block cancellation in wordexp, handle more errorsRich Felker2011-04-191-2/+17
|
* avoid malloc of potentially-large string in wordexpRich Felker2011-04-191-10/+28
|
* remove stupid debug code in wordexpRich Felker2011-04-151-1/+0
|
* implement wordexp. first try, may be buggy. intended to be safe.Rich Felker2011-04-151-0/+128