mirror of
https://https.git.savannah.gnu.org/git/bash.git
synced 2026-07-10 13:40:55 +02:00
fixes for several bugs found via fuzzing: overflow in $'...' hex expansion; fix for accessing freed memory when reading input from stdin and using multiple redirections to stdin; fix for pointer aliasing problem after a syntax error while executing a command string
This commit is contained in:
@@ -412,6 +412,7 @@ parse_and_execute (char *string, const char *from_file, int flags)
|
||||
protects installed by the string we're evaluating, so
|
||||
it will undo the current function scope. */
|
||||
dispose_command (command);
|
||||
currently_executing_command = NULL;
|
||||
discard_unwind_frame ("pe_dispose");
|
||||
}
|
||||
else
|
||||
@@ -491,6 +492,7 @@ parse_and_execute (char *string, const char *from_file, int flags)
|
||||
begin_unwind_frame ("pe_dispose");
|
||||
add_unwind_protect (uw_dispose_fd_bitmap, bitmap);
|
||||
add_unwind_protect (uw_dispose_command, command); /* XXX */
|
||||
unwind_protect_pointer (currently_executing_command);
|
||||
|
||||
global_command = (COMMAND *)NULL;
|
||||
|
||||
@@ -567,9 +569,8 @@ INTERNAL_DEBUG(("parse_and_execute: calling cat_file, parse_and_execute_level =
|
||||
#endif
|
||||
last_result = execute_command_internal
|
||||
(command, 0, NO_PIPE, NO_PIPE, bitmap);
|
||||
dispose_command (command);
|
||||
dispose_fd_bitmap (bitmap);
|
||||
discard_unwind_frame ("pe_dispose");
|
||||
|
||||
run_unwind_frame ("pe_dispose");
|
||||
|
||||
/* If the global value didn't change, we restore what we had. */
|
||||
if (((subshell_environment & SUBSHELL_COMSUB) || executing_funsub) && local_alflag == expaliases_flag)
|
||||
|
||||
Reference in New Issue
Block a user