From 8189e12312ede991827efc6683b7ce8463deb0bf Mon Sep 17 00:00:00 2001 From: Andrew Waldron Date: Fri, 18 Apr 2014 07:30:36 -0700 Subject: 32552 (updated by 32560): fix segfault when using process substitution in anonymous function argument list Also disallow process substitution in function name position. --- ChangeLog | 7 +++++++ Src/exec.c | 26 ++++++++++++++++++-------- Src/parse.c | 4 ++-- Src/subst.c | 2 +- Test/C04funcdef.ztst | 5 +++++ 5 files changed, 33 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 562e459fd..f8711ee31 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2014-04-17 Barton E. Schaefer + + * Andrew Waldron: 32552 (updated by 32560): Src/exec.c, + Src/parse.c, Src/subst.c, Test/C04funcdef.ztst: fix segfault + when using process substitution in anonymous function argument + list; disallow process substitution in function name position. + 2014-04-15 Barton E. Schaefer * Jun T: 32546: Completion/Unix/Type/_path_files: better handling diff --git a/Src/exec.c b/Src/exec.c index f16cfd391..d821d164f 100644 --- a/Src/exec.c +++ b/Src/exec.c @@ -2346,7 +2346,7 @@ execsubst(LinkList strs) { if (strs) { prefork(strs, esprefork); - if (esglob) { + if (esglob && !errflag) { LinkList ostrs = strs; globlist(strs, 0); strs = ostrs; @@ -3867,8 +3867,10 @@ getoutputfile(char *cmd, char **eptr) int fd; char *s; - if (thisjob == -1) + if (thisjob == -1){ + zerr("process substitution %s cannot be used here", cmd); return NULL; + } if (!(prog = parsecmd(cmd, eptr))) return NULL; if (!(nam = gettempname(NULL, 0))) @@ -3939,11 +3941,13 @@ namedpipe(void) char *tnam = gettempname(NULL, 1); # ifdef HAVE_MKFIFO - if (mkfifo(tnam, 0600) < 0) + if (mkfifo(tnam, 0600) < 0){ # else - if (mknod(tnam, 0010600, 0) < 0) + if (mknod(tnam, 0010600, 0) < 0){ # endif + zerr("failed to create named pipe: %s, %e", tnam, errno); return NULL; + } return tnam; } #endif /* ! PATH_DEV_FD && HAVE_FIFOS */ @@ -3966,9 +3970,10 @@ getproc(char *cmd, char **eptr) #ifndef PATH_DEV_FD int fd; - - if (thisjob == -1) + if (thisjob == -1) { + zerr("process substitution %s cannot be used here", cmd); return NULL; + } if (!(pnam = namedpipe())) return NULL; if (!(prog = parsecmd(cmd, eptr))) @@ -3993,8 +3998,10 @@ getproc(char *cmd, char **eptr) #else /* PATH_DEV_FD */ int pipes[2], fd; - if (thisjob == -1) + if (thisjob == -1) { + zerr("process substitution %s cannot be used here", cmd); return NULL; + } pnam = hcalloc(strlen(PATH_DEV_FD) + 6); if (!(prog = parsecmd(cmd, eptr))) return NULL; @@ -4234,8 +4241,11 @@ execfuncdef(Estate state, UNUSED(int do_exec)) plen = nprg * sizeof(wordcode); len = plen + (npats * sizeof(Patprog)) + nstrs; - if (htok && names) + if (htok && names) { execsubst(names); + if (errflag) + return 1; + } while (!names || (s = (char *) ugetnode(names))) { if (!names) { diff --git a/Src/parse.c b/Src/parse.c index f0d0855d3..530a07033 100644 --- a/Src/parse.c +++ b/Src/parse.c @@ -1471,7 +1471,6 @@ par_funcdef(int *complex) if (num == 0) { /* Anonymous function, possibly with arguments */ incmdpos = 0; - *complex = 1; } zshlex(); } else if (unset(SHORTLOOPS)) { @@ -1503,6 +1502,7 @@ par_funcdef(int *complex) num++; zshlex(); } + *complex = (num > 0); ecbuf[parg] = ecused - parg; /*?*/ ecbuf[parg+1] = num; } @@ -1736,7 +1736,6 @@ par_simple(int *complex, int nr) if (argc == 0) { /* Anonymous function, possibly with arguments */ incmdpos = 0; - *complex = 1; } zshlex(); } else { @@ -1776,6 +1775,7 @@ par_simple(int *complex, int nr) argc++; zshlex(); } + *complex = (argc > 0); ecbuf[parg] = ecused - parg; /*?*/ ecbuf[parg+1] = argc; } diff --git a/Src/subst.c b/Src/subst.c index cc5df3fba..471350219 100644 --- a/Src/subst.c +++ b/Src/subst.c @@ -169,7 +169,7 @@ stringsubst(LinkList list, LinkNode node, int pf_flags, int asssub) if (errflag) return NULL; if (!subst) - subst = ""; + rest = subst = ""; sublen = strlen(subst); restlen = strlen(rest); diff --git a/Test/C04funcdef.ztst b/Test/C04funcdef.ztst index 706aa28c2..a2660315f 100644 --- a/Test/C04funcdef.ztst +++ b/Test/C04funcdef.ztst @@ -208,6 +208,11 @@ >Da de da >Do be do + () (cat $1 $2) <(print process expanded) =(print expanded to file) +0:Process substitution with anonymous functions +>process expanded +>expanded to file + () { print This has arguments $*; } of all sorts; print After the function function { print More stuff $*; } and why not; print Yet more 0:Anonymous function with arguments -- cgit 1.4.1