From a369836eb468a5444a8b0fb2d03ae37b2387056d Mon Sep 17 00:00:00 2001
From: Linux_zhang <zhangruifang1@h-partners.com>
Date: Tue, 1 Apr 2025 09:17:14 +0800
Subject: [PATCH] update sftable memory size before using pipe fd as index of
 fdstatus

---
 ksh.spec                                      |  6 ++-
 ...e-sftable-memory-size-before-using-p.patch | 39 +++++++++++++++++++
 2 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 update-sftable-memory-size-before-using-p.patch

diff --git a/ksh.spec b/ksh.spec
index 9470e7e..e8d9694 100644
--- a/ksh.spec
+++ b/ksh.spec
@@ -1,6 +1,6 @@
 Name:             ksh
 Version:          2020.0.0
-Release:          8
+Release:          9
 Summary:          The Original ATT Korn Shell
 License:          EPL-1.0
 URL:              http://www.kornshell.com/
@@ -18,6 +18,7 @@ Patch6003:        backport-Fix-handling-of-skipped-directories.patch
 Patch6004:        backport-Fix-interactive-restricted-shell-behavior.patch
 
 Patch9000:        solve-the-problem-of-dereference-null-return-value-w.patch
+Patch9001:        update-sftable-memory-size-before-using-p.patch
 
 Provides:         /bin/ksh /usr/bin/ksh
 BuildRequires:    meson gcc glibc-devel ed
@@ -91,6 +92,9 @@ done
 %config(noreplace) %{_sysconfdir}/binfmt.d/kshcomp.conf
 
 %changelog
+* Tue Apr 01 2025 Linux_zhang <zhangruifang@h-partners.com> - 1:2020.0.0-9
+- update sftable memory size before using pipe fd as index of fdstatus
+
 * Tue May 7 2024 wangyuhang <wangyuhang27@huawei.com> - 1:2020.0.0-8
 - solve the problem of dereference null return value when moving a job to the head of the linked list
 
diff --git a/update-sftable-memory-size-before-using-p.patch b/update-sftable-memory-size-before-using-p.patch
new file mode 100644
index 0000000..4a99954
--- /dev/null
+++ b/update-sftable-memory-size-before-using-p.patch
@@ -0,0 +1,39 @@
+From f9e4914c562edea76ee12c1d0bffba19cfee3994 Mon Sep 17 00:00:00 2001
+From: chenjiayi <chenjiayi22@huawei.com>
+Date: Sun, 16 Mar 2025 16:10:17 +0800
+Subject: [PATCH 1/1] ksh: update sftable memory size before using pipe  fd as index of fdstatus
+
+---
+ src/cmd/ksh93/sh/io.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/cmd/ksh93/sh/io.c b/src/cmd/ksh93/sh/io.c
+index 4cbfa75..3b897ef 100644
+--- a/src/cmd/ksh93/sh/io.c
++++ b/src/cmd/ksh93/sh/io.c
+@@ -746,14 +746,20 @@ void sh_rpipe(int pv[]) {
+         errormsg(SH_DICT, ERROR_system(1), e_pipe);
+         __builtin_unreachable();
+     }
+-    shp->fdstatus[pv[0]] = IONOSEEK | IOREAD | IOCLEX;
+-    shp->fdstatus[pv[1]] = IONOSEEK | IOWRITE | IOCLEX;
++
+ #if !_lib_pipe2
+     if (pv[0] > 2) (void)fcntl(pv[0], F_SETFD, FD_CLOEXEC);
+     if (pv[1] > 2) (void)fcntl(pv[1], F_SETFD, FD_CLOEXEC);
+ #endif
+     if (pv[0] <= 2) pv[0] = sh_iomovefd(shp, pv[0]);
+     if (pv[1] <= 2) pv[1] = sh_iomovefd(shp, pv[1]);
++
++    if (!sh_iovalidfd(shp, pv[0])) abort();
++    if (!sh_iovalidfd(shp, pv[1])) abort();
++
++    shp->fdstatus[pv[0]] = IONOSEEK | IOREAD | IOCLEX;
++    shp->fdstatus[pv[1]] = IONOSEEK | IOWRITE | IOCLEX;
++
+     sh_subsavefd(pv[0]);
+     sh_subsavefd(pv[1]);
+ }
+-- 
+2.33.0
+
-- 
Gitee