Mon Sep 7 06:43:48 2015 UTC ()

On Linux, Bash is fine if you don't mind your package builds spending 50% of
their time compiling, and 50% spinning in shell scripts.  If you'd rather
spend your power bill on useful gcc cycles though, you might desire to use a
different shell for running build scripts - like pdksh, which is conveniently
available at bootstrap time.

But what if pdksh does this to you?

pdksh -c 'f=`pdksh -c set | wc -l`; f=$((f+1)); while ((f < 100000)); do f=$((f+1)); eval "v_${f}=0"; echo "$f"; done'|tail -1
 13106
segmentation fault (core dumped)  pdksh -c

Well that's annoying, isn't it.

% echo $(((13106*10+7)/8))
16383

... that's a magical number.  Coincidence?  Well, no.

tp->nfree = 8*nsize/10; /* table can get 80% full */

This particularly ugly overflow happens because tp->size is a short.  When
texpand() does:

  p = &ntblp[hash(tblp->name) & (tp->size-1)];

tp->size-1 will, given enough variables (80% of 2^15), type coerce into a
sign-extended 32-bit value of:

info registers $ecx
ecx            0xffff7fff       -32769

That hash() function does more or less what you guess, it's a 32 bit unsigned
value.  The chances of the final pointer pointing inside the valid allocated
block of memory are very low indeed.

The least-change solution is to change tp->size to a 32 bit value.  I've left
it signed because that matches, for example, the size parameter passed to
texpand().  But really this code would be more correct with a liberal
sprinkling of "unsigned", and perhaps a bit of "size_t".

This change allows ffmpeg's configure script, as interpreted by pdksh, to
produce more usable output than a core file.

Bump PKGREVISION for code change.


(dsainty)

diff -r1.22 -r1.23 pkgsrc/shells/pdksh/Makefile
diff -r1.2 -r1.3 pkgsrc/shells/pdksh/files/table.h

--- pkgsrc/shells/pdksh/Makefile 2014/10/09 14:06:56 1.22
+++ pkgsrc/shells/pdksh/Makefile 2015/09/07 06:43:48 1.23

 @@ -1,18 +1,18 @@
-# $NetBSD: Makefile,v 1.22 2014/10/09 14:06:56 wiz Exp $
+# $NetBSD: Makefile,v 1.23 2015/09/07 06:43:48 dsainty Exp $
+#
 DISTNAME=	pdksh-5.2.14
-PKGREVISION=	5
+PKGREVISION=	6
 CATEGORIES=	shells
 MASTER_SITES=	ftp://ftp.cs.mun.ca/pub/pdksh/ \
 		http://gd.tuwien.ac.at/utils/shells/pdksh/ \
 		ftp://ftp.lip6.fr/pub/unix/shells/pdksh/ \
 		ftp://ftp.demon.net/pub/mirrors/pdksh/
 MASTER_SITES=	# maintained locally
 DISTFILES=	# empty
 MAINTAINER=	schmonz@NetBSD.org
 HOMEPAGE=	http://web.cs.mun.ca/~michael/pdksh/
 COMMENT=	Free clone of the AT&T Korn shell
 BOOTSTRAP_PKG=	yes

--- pkgsrc/shells/pdksh/files/table.h 2008/05/31 16:47:37 1.2
+++ pkgsrc/shells/pdksh/files/table.h 2015/09/07 06:43:48 1.3

 @@ -1,22 +1,22 @@
-/* $NetBSD: table.h,v 1.2 2008/05/31 16:47:37 tnn Exp $ */
+/* $NetBSD: table.h,v 1.3 2015/09/07 06:43:48 dsainty Exp $ */
 /*
  * generic hashed associative table for commands and variables.
  */
 struct table {
 	Area   *areap;		/* area to allocate entries */
-	short	size, nfree;	/* hash size (always 2^^n), free entries */
+	int	size, nfree;	/* hash size (always 2^^n), free entries */
 	struct	tbl **tbls;	/* hashed table items */
 };
 struct tbl {			/* table item */
 	Tflag	flag;		/* flags */
 	int	type;		/* command type (see below), base (if INTEGER),
 				 * or offset from val.s of value (if EXPORT) */
 	Area	*areap;		/* area to allocate from */
 	union {
 		char *s;	/* string */
 		long i;		/* integer */
 		int (*f) ARGS((char **));	/* int function */
 		struct op *t;	/* "function" tree */