From 512e572ef792deff4149b002bf4828e8167b50a9 Mon Sep 17 00:00:00 2001
From: Linux_zhang <zhangruifang1@h-partners.com>
Date: Mon, 31 Mar 2025 16:52:00 +0800
Subject: [PATCH] update sftable memory size before using pipe fd as index of
 fdstatus

---
 ksh.spec                                      |  6 ++-
 ...e-sftable-memory-size-before-using-p.patch | 39 +++++++++++++++++++
 2 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 update-sftable-memory-size-before-using-p.patch

diff --git a/ksh.spec b/ksh.spec
index 3a5a78a..964ae4c 100644
--- a/ksh.spec
+++ b/ksh.spec
@@ -1,6 +1,6 @@
 Name:             ksh
 Version:          1.0.8
-Release:          1
+Release:          2
 Summary:          The Original ATT Korn Shell
 License:          EPL-2.0
 URL:              http://www.kornshell.com/
@@ -11,6 +11,7 @@ Source2:          kshrc.rhs
 Source3:          dotkshrc
     
 Patch9000:        skip-some-test.patch
+Patch9001:        update-sftable-memory-size-before-using-p.patch
 
 Provides:         /bin/ksh /bin/rksh
 BuildRequires:    gcc bison glibc-langpack-ja ncurses procps tzdata util-linux
@@ -115,6 +116,9 @@ done
 %config(noreplace) %{_sysconfdir}/binfmt.d/kshcomp.conf
 
 %changelog
+* Mon Mar 31 2025 Linux_zhang <zhangruifang@h-partners.com> - 2:1.0.8-2
+- update sftable memory size before using pipe fd as index of fdstatus
+
 * Mon Feb 5 2024 wangyuhang <wangyuhang27@huawei.com> - 2:1.0.8-1
 - Type:bugfix
 - CVE:NA
diff --git a/update-sftable-memory-size-before-using-p.patch b/update-sftable-memory-size-before-using-p.patch
new file mode 100644
index 0000000..4a99954
--- /dev/null
+++ b/update-sftable-memory-size-before-using-p.patch
@@ -0,0 +1,39 @@
+From f9e4914c562edea76ee12c1d0bffba19cfee3994 Mon Sep 17 00:00:00 2001
+From: chenjiayi <chenjiayi22@huawei.com>
+Date: Sun, 16 Mar 2025 16:10:17 +0800
+Subject: [PATCH 1/1] ksh: update sftable memory size before using pipe  fd as index of fdstatus
+
+---
+ src/cmd/ksh93/sh/io.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/cmd/ksh93/sh/io.c b/src/cmd/ksh93/sh/io.c
+index 4cbfa75..3b897ef 100644
+--- a/src/cmd/ksh93/sh/io.c
++++ b/src/cmd/ksh93/sh/io.c
+@@ -746,14 +746,20 @@ void sh_rpipe(int pv[]) {
+         errormsg(SH_DICT, ERROR_system(1), e_pipe);
+         __builtin_unreachable();
+     }
+-    shp->fdstatus[pv[0]] = IONOSEEK | IOREAD | IOCLEX;
+-    shp->fdstatus[pv[1]] = IONOSEEK | IOWRITE | IOCLEX;
++
+ #if !_lib_pipe2
+     if (pv[0] > 2) (void)fcntl(pv[0], F_SETFD, FD_CLOEXEC);
+     if (pv[1] > 2) (void)fcntl(pv[1], F_SETFD, FD_CLOEXEC);
+ #endif
+     if (pv[0] <= 2) pv[0] = sh_iomovefd(shp, pv[0]);
+     if (pv[1] <= 2) pv[1] = sh_iomovefd(shp, pv[1]);
++
++    if (!sh_iovalidfd(shp, pv[0])) abort();
++    if (!sh_iovalidfd(shp, pv[1])) abort();
++
++    shp->fdstatus[pv[0]] = IONOSEEK | IOREAD | IOCLEX;
++    shp->fdstatus[pv[1]] = IONOSEEK | IOWRITE | IOCLEX;
++
+     sh_subsavefd(pv[0]);
+     sh_subsavefd(pv[1]);
+ }
+-- 
+2.33.0
+
-- 
Gitee