fixes for several bugs found via fuzzing: overflow in $'...' hex expansion; fix for accessing freed memory when reading input from stdin and using multiple redirections to stdin; fix for pointer aliasing problem after a syntax error while executing a command string

This commit is contained in:
Chet Ramey
2025-12-30 16:06:40 -05:00
parent 722a855459
commit 4b27601dfd
10 changed files with 235 additions and 11 deletions
+4 -3
View File
@@ -412,6 +412,7 @@ parse_and_execute (char *string, const char *from_file, int flags)
protects installed by the string we're evaluating, so
it will undo the current function scope. */
dispose_command (command);
currently_executing_command = NULL;
discard_unwind_frame ("pe_dispose");
}
else
@@ -491,6 +492,7 @@ parse_and_execute (char *string, const char *from_file, int flags)
begin_unwind_frame ("pe_dispose");
add_unwind_protect (uw_dispose_fd_bitmap, bitmap);
add_unwind_protect (uw_dispose_command, command); /* XXX */
unwind_protect_pointer (currently_executing_command);
global_command = (COMMAND *)NULL;
@@ -567,9 +569,8 @@ INTERNAL_DEBUG(("parse_and_execute: calling cat_file, parse_and_execute_level =
#endif
last_result = execute_command_internal
(command, 0, NO_PIPE, NO_PIPE, bitmap);
dispose_command (command);
dispose_fd_bitmap (bitmap);
discard_unwind_frame ("pe_dispose");
run_unwind_frame ("pe_dispose");
/* If the global value didn't change, we restore what we had. */
if (((subshell_environment & SUBSHELL_COMSUB) || executing_funsub) && local_alflag == expaliases_flag)