From 512e572ef792deff4149b002bf4828e8167b50a9 Mon Sep 17 00:00:00 2001 From: Linux_zhang Date: Mon, 31 Mar 2025 16:52:00 +0800 Subject: [PATCH] update sftable memory size before using pipe fd as index of fdstatus --- ksh.spec | 6 ++- ...e-sftable-memory-size-before-using-p.patch | 39 +++++++++++++++++++ 2 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 update-sftable-memory-size-before-using-p.patch diff --git a/ksh.spec b/ksh.spec index 3a5a78a..964ae4c 100644 --- a/ksh.spec +++ b/ksh.spec @@ -1,6 +1,6 @@ Name: ksh Version: 1.0.8 -Release: 1 +Release: 2 Summary: The Original ATT Korn Shell License: EPL-2.0 URL: http://www.kornshell.com/ @@ -11,6 +11,7 @@ Source2: kshrc.rhs Source3: dotkshrc Patch9000: skip-some-test.patch +Patch9001: update-sftable-memory-size-before-using-p.patch Provides: /bin/ksh /bin/rksh BuildRequires: gcc bison glibc-langpack-ja ncurses procps tzdata util-linux @@ -115,6 +116,9 @@ done %config(noreplace) %{_sysconfdir}/binfmt.d/kshcomp.conf %changelog +* Mon Mar 31 2025 Linux_zhang - 2:1.0.8-2 +- update sftable memory size before using pipe fd as index of fdstatus + * Mon Feb 5 2024 wangyuhang - 2:1.0.8-1 - Type:bugfix - CVE:NA diff --git a/update-sftable-memory-size-before-using-p.patch b/update-sftable-memory-size-before-using-p.patch new file mode 100644 index 0000000..4a99954 --- /dev/null +++ b/update-sftable-memory-size-before-using-p.patch @@ -0,0 +1,39 @@ +From f9e4914c562edea76ee12c1d0bffba19cfee3994 Mon Sep 17 00:00:00 2001 +From: chenjiayi +Date: Sun, 16 Mar 2025 16:10:17 +0800 +Subject: [PATCH 1/1] ksh: update sftable memory size before using pipe fd as index of fdstatus + +--- + src/cmd/ksh93/sh/io.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/cmd/ksh93/sh/io.c b/src/cmd/ksh93/sh/io.c +index 4cbfa75..3b897ef 100644 +--- a/src/cmd/ksh93/sh/io.c ++++ b/src/cmd/ksh93/sh/io.c +@@ -746,14 +746,20 @@ void sh_rpipe(int pv[]) { + errormsg(SH_DICT, ERROR_system(1), e_pipe); + __builtin_unreachable(); + } +- shp->fdstatus[pv[0]] = IONOSEEK | IOREAD | IOCLEX; +- shp->fdstatus[pv[1]] = IONOSEEK | IOWRITE | IOCLEX; ++ + #if !_lib_pipe2 + if (pv[0] > 2) (void)fcntl(pv[0], F_SETFD, FD_CLOEXEC); + if (pv[1] > 2) (void)fcntl(pv[1], F_SETFD, FD_CLOEXEC); + #endif + if (pv[0] <= 2) pv[0] = sh_iomovefd(shp, pv[0]); + if (pv[1] <= 2) pv[1] = sh_iomovefd(shp, pv[1]); ++ ++ if (!sh_iovalidfd(shp, pv[0])) abort(); ++ if (!sh_iovalidfd(shp, pv[1])) abort(); ++ ++ shp->fdstatus[pv[0]] = IONOSEEK | IOREAD | IOCLEX; ++ shp->fdstatus[pv[1]] = IONOSEEK | IOWRITE | IOCLEX; ++ + sh_subsavefd(pv[0]); + sh_subsavefd(pv[1]); + } +-- +2.33.0 + -- Gitee