| From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-004 |
| |
| Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
| |
| BASH PATCH REPORT |
| ================= |
| |
| Bash-Release: 4.4 |
| Patch-ID: bash44-004 |
| |
| Bug-Reported-by: Christian Weisgerber <naddy@mips.inka.de> |
| Bug-Reference-ID: <20161101160302.GB54856@lorvorc.mips.inka.de> |
| Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2016-11/msg00004.html |
| |
| Bug-Description: |
| |
| There is a race condition that can result in bash referencing freed memory |
| when freeing data associated with the last process substitution. |
| |
| Patch (apply with `patch -p0'): |
| |
| *** a/bash-4.4/jobs.c 2016-08-23 16:38:44.000000000 -0400 |
| --- b/jobs.c 2016-11-02 18:24:45.000000000 -0400 |
| *************** |
| *** 454,457 **** |
| --- 454,472 ---- |
| } |
| |
| + void |
| + discard_last_procsub_child () |
| + { |
| + PROCESS *disposer; |
| + sigset_t set, oset; |
| + |
| + BLOCK_CHILD (set, oset); |
| + disposer = last_procsub_child; |
| + last_procsub_child = (PROCESS *)NULL; |
| + UNBLOCK_CHILD (oset); |
| + |
| + if (disposer) |
| + discard_pipeline (disposer); |
| + } |
| + |
| struct pipeline_saver * |
| alloc_pipeline_saver () |
| *** a/bash-4.4/jobs.h 2016-04-27 10:35:51.000000000 -0400 |
| --- b/jobs.h 2016-11-02 18:25:08.000000000 -0400 |
| *************** |
| *** 191,194 **** |
| --- 191,195 ---- |
| extern void stop_making_children __P((void)); |
| extern void cleanup_the_pipeline __P((void)); |
| + extern void discard_last_procsub_child __P((void)); |
| extern void save_pipeline __P((int)); |
| extern PROCESS *restore_pipeline __P((int)); |
| *** a/bash-4.4/subst.c 2016-08-30 16:46:38.000000000 -0400 |
| --- b/subst.c 2016-11-02 18:23:24.000000000 -0400 |
| *************** |
| *** 5809,5816 **** |
| #if defined (JOB_CONTROL) |
| if (last_procsub_child) |
| ! { |
| ! discard_pipeline (last_procsub_child); |
| ! last_procsub_child = (PROCESS *)NULL; |
| ! } |
| last_procsub_child = restore_pipeline (0); |
| #endif |
| --- 5834,5838 ---- |
| #if defined (JOB_CONTROL) |
| if (last_procsub_child) |
| ! discard_last_procsub_child (); |
| last_procsub_child = restore_pipeline (0); |
| #endif |
| *** a/bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 |
| --- b/patchlevel.h 2016-10-01 11:01:28.000000000 -0400 |
| *************** |
| *** 26,30 **** |
| looks for to find the patch level (for the sccs version string). */ |
| |
| ! #define PATCHLEVEL 3 |
| |
| #endif /* _PATCHLEVEL_H_ */ |
| --- 26,30 ---- |
| looks for to find the patch level (for the sccs version string). */ |
| |
| ! #define PATCHLEVEL 4 |
| |
| #endif /* _PATCHLEVEL_H_ */ |