From eran at leshem.life  Wed Apr  7 01:04:59 2021
From: eran at leshem.life (Eran Leshem)
Date: Wed, 7 Apr 2021 04:04:59 +0300
Subject: [Tcsh] change in head/tail handling in tcsh-6.22.03
Message-ID: <01e501d72b4a$095d6950$1c183bf0$@leshem.life>

Is there a plan to release 6.22.04 with a fix to this regression?

 

Thanks 

Eran

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.astron.com/pipermail/tcsh/attachments/20210407/1b29b422/attachment.htm>

From christos at zoulas.com  Thu Apr  8 21:22:42 2021
From: christos at zoulas.com (Christos Zoulas)
Date: Thu, 8 Apr 2021 17:22:42 -0400
Subject: [Tcsh] change in head/tail handling in tcsh-6.22.03
In-Reply-To: <01e501d72b4a$095d6950$1c183bf0$@leshem.life>
References: <01e501d72b4a$095d6950$1c183bf0$@leshem.life>
Message-ID: <31F7CD08-8A2B-4F34-BC8B-242F79943376@zoulas.com>

Yes, but let me make sure that nothing else is broken on head first :-)

christos

> On Apr 6, 2021, at 9:04 PM, Eran Leshem <eran at leshem.life> wrote:
> 
> Is there a plan to release 6.22.04 with a fix to this regression?
> 
> Thanks
> Eran
> 
> 
> --
> Tcsh mailing list
> Tcsh at astron.com
> https://mailman.astron.com/mailman/listinfo/tcsh
> <sanitizer.log>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.astron.com/pipermail/tcsh/attachments/20210408/cb51e5c1/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 235 bytes
Desc: Message signed with OpenPGP
URL: <https://mailman.astron.com/pipermail/tcsh/attachments/20210408/cb51e5c1/attachment.asc>

From walt at drummond.us  Sat Apr 17 16:03:58 2021
From: walt at drummond.us (Walt Drummond)
Date: Sat, 17 Apr 2021 09:03:58 -0700
Subject: [Tcsh] PATCH: don't walk of the end of mesg[] on signal receipt
Message-ID: <CADCN6nxGRZtzc0Ud7+j=8we+ojomKcQ2ZGfWZA8Xa_roFB9FYw@mail.gmail.com>

There is a remote possibility of a crash in tcsh when:
- a process is running in either foreground or background, and
- the kernel delivers a signal to the process where the default action
is to coredump AND the signal number sent is greater than NSIG (ie,
the kernel has more signals than user space, or an old tcsh is running
on a newer kernel).

In this case, tcsh will walk off the end of mesg[].

The small patch below (and attached in case Gmail mucks with the
formatting) avoids this possibility by checking the signal number sent
against NSIG before indexing mesg[].

--Walt

---------------------------------

diff -ru tcsh-6.22.03/sh.proc.c tcsh-6.22.03-sigfix/sh.proc.c
--- tcsh-6.22.03/sh.proc.c 2020-11-18 09:34:01.000000000 -0800
+++ tcsh-6.22.03-sigfix/sh.proc.c 2021-04-17 07:14:33.485857299 -0700
@@ -1100,7 +1100,9 @@
  int free_ptr;

  free_ptr = 0;
- ptr = (char *)(intptr_t)mesg[pp->p_reason & 0177].pname;
+ ptr = NULL;
+ if (pp->p_reason & 0177 <= NSIG)
+ ptr = (char *)(intptr_t)mesg[pp->p_reason & 0177].pname;
  if (ptr == NULL) {
      ptr = xasprintf("%s %d", CGETS(17, 5, "Signal"),
      pp->p_reason & 0177);
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tcsh.patch
Type: text/x-patch
Size: 544 bytes
Desc: not available
URL: <https://mailman.astron.com/pipermail/tcsh/attachments/20210417/9bd3e89b/attachment.bin>