netbsd-bugs: bin/3929: /bin/sh core SIGSEGV

Subject: bin/3929: /bin/sh core SIGSEGV
To: None <gnats-bugs@gnats.netbsd.org>
From: Ronald Khoo <ronald@demon.net>
List: netbsd-bugs
Date: 07/31/1997 22:36:44
>Number:         3929
>Category:       bin
>Synopsis:       /bin/sh core SIGSEGV
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jul 31 14:50:01 1997
>Last-Modified:
>Originator:     Ronald Khoo
>Organization:
Demon Internet
>Release:        Thu Jul 31 22:13:47 BST 1997
>Environment:
	Just a normally installed workstation
System: NetBSD ronald.eng.demon.net 1.2G NetBSD 1.2G (RONALD) #0: Thu Jul 31 11:10:57 BST 1997 ronald@ronald.eng.demon.net:/usr/src/sys/arch/i386/compile/RONALD i386


>Description:
	/bin/sh SIGSEGVs on a construct found in the JDK appletviewer script.
>How-To-Repeat:
Script started on Thu Jul 31 22:08:55 1997
ronald.eng.demon.net% cat x

prog=java
for a in $* ; do
done

ronald.eng.demon.net% env - csh
% gdb -q sh
(gdb) run x x
Starting program: /tmp/sh/sh x x

Program received signal SIGSEGV (11), Segmentation fault
0x13653 in bltinlookup (name=0x71b6 "IFS", doall=1) at var.c:378
378			if (varequal(sp->text, name))
(gdb) print cmdenviron
$1 = (struct strlist *) 0x1d0f0
(gdb) print *cmdenviron
$2 = {next = 0x656e6f64, text = 0x1d000 ""}
(gdb) print *cmdenviron->next
Error accessing memory address 0x656e6f64: Operation not permitted.
(gdb) bt
#0  0x13653 in bltinlookup (name=0x71b6 "IFS", doall=1) at var.c:378
#1  0x7364 in varvalue (name=0x1d0d6 "*=", quoted=0, allow_split=1)
    at expand.c:807
#2  0x6d00 in evalvar (p=0x1d0d8 "", flag=3) at expand.c:589
#3  0x6079 in argstr (p=0x1d0d5 "\001*=", flag=3) at expand.c:220
#4  0x5dae in expandarg (arg=0x1d0dc, arglist=0xf7bfdd44, flag=3)
    at expand.c:151
#5  0x3515 in evalfor (n=0x1d0c0) at eval.c:336
#6  0x32f5 in evaltree (n=0x1d0c0, flags=0) at eval.c:253
#7  0xc434 in cmdloop (top=1) at main.c:252
#8  0xc307 in main (argc=3, argv=0xf7bfde08) at main.c:201
(gdb) list
373	{
374		struct strlist *sp;
375		struct var *v;
376	
377		for (sp = cmdenviron ; sp ; sp = sp->next) {
378			if (varequal(sp->text, name))
379				return strchr(sp->text, '=') + 1;
380		}
381		for (v = *hashvar(name) ; v ; v = v->next) {
382			if (varequal(v->text, name)) {
(gdb) quit
The program is running.  Quit anyway (and kill it)? (y or n) yes
% 
ronald.eng.demon.net% 
>Fix:

I don't know sh's internals well enough to fix it in the time I had
today, but this works around it enough to run the appletviewer :-)

***************
*** 1,5 ****
--- 1,6 ----
  
  prog=java
+ echo $* > /dev/null
  for a in $* ; do
  done
  
>Audit-Trail:
>Unformatted: