1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
BASH PATCH REPORT
=================
Bash-Release: 3.1
Patch-ID: bash31-007
Bug-Reported-by: Tim Waugh <twaugh@redhat.com>, Laird Breyer <laird@lbreyer.com>
Bug-Reference-ID: <20060105174434.GY16000@redhat.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2006-01/msg00009.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=347695
Bug-Description:
When the number of saved jobs exceeds the initial size of the jobs array
(4096 slots), the array must be compacted and reallocated. An error in
the code to do that could cause a segmentation fault.
Patch:
*** ../bash-3.1/jobs.c Fri Nov 11 23:13:27 2005
--- jobs.c Wed Feb 1 13:55:38 2006
***************
*** 845,851 ****
{
sigset_t set, oset;
! int nsize, i, j;
JOB **nlist;
nsize = ((js.j_njobs + JOB_SLOTS - 1) / JOB_SLOTS);
nsize *= JOB_SLOTS;
--- 888,895 ----
{
sigset_t set, oset;
! int nsize, i, j, ncur, nprev;
JOB **nlist;
+ ncur = nprev = NO_JOB;
nsize = ((js.j_njobs + JOB_SLOTS - 1) / JOB_SLOTS);
nsize *= JOB_SLOTS;
***************
*** 855,869 ****
BLOCK_CHILD (set, oset);
! nlist = (JOB **) xmalloc (nsize * sizeof (JOB *));
for (i = j = 0; i < js.j_jobslots; i++)
if (jobs[i])
! nlist[j++] = jobs[i];
js.j_firstj = 0;
! js.j_lastj = (j > 0) ? j - 1: 0;
js.j_jobslots = nsize;
! free (jobs);
! jobs = nlist;
UNBLOCK_CHILD (oset);
--- 899,947 ----
BLOCK_CHILD (set, oset);
! nlist = (js.j_jobslots == nsize) ? jobs : (JOB **) xmalloc (nsize * sizeof (JOB *));
!
for (i = j = 0; i < js.j_jobslots; i++)
if (jobs[i])
! {
! if (i == js.j_current)
! ncur = j;
! if (i == js.j_previous)
! nprev = j;
! nlist[j++] = jobs[i];
! }
!
! #if defined (DEBUG)
! itrace ("realloc_jobs_list: resize jobs list from %d to %d", js.j_jobslots, nsize);
! itrace ("realloc_jobs_list: j_lastj changed from %d to %d", js.j_lastj, (j > 0) ? j - 1 : 0);
! itrace ("realloc_jobs_list: j_njobs changed from %d to %d", js.j_njobs, (j > 0) ? j - 1 : 0);
! #endif
js.j_firstj = 0;
! js.j_lastj = (j > 0) ? j - 1 : 0;
! js.j_njobs = j;
js.j_jobslots = nsize;
! /* Zero out remaining slots in new jobs list */
! for ( ; j < nsize; j++)
! nlist[j] = (JOB *)NULL;
!
! if (jobs != nlist)
! {
! free (jobs);
! jobs = nlist;
! }
!
! if (ncur != NO_JOB)
! js.j_current = ncur;
! if (nprev != NO_JOB)
! js.j_previous = nprev;
!
! /* Need to reset these */
! if (js.j_current == NO_JOB || js.j_previous == NO_JOB || js.j_current > js.j_lastj || js.j_previous > js.j_lastj)
! reset_current ();
!
! #ifdef DEBUG
! itrace ("realloc_jobs_list: reset js.j_current (%d) and js.j_previous (%d)", js.j_current, js.j_previous);
! #endif
UNBLOCK_CHILD (oset);
*** ../bash-3.1/patchlevel.h Wed Jul 20 13:58:20 2005
--- patchlevel.h Wed Dec 7 13:48:42 2005
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 6
#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 7
#endif /* _PATCHLEVEL_H_ */
|