Subject: bin/26339: the 'fc' command can crash non-interactive ksh
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <pavel.cahyna@st.mff.cuni.cz>
List: netbsd-bugs
Date: 07/15/2004 19:03:25
>Number: 26339
>Category: bin
>Synopsis: the 'fc' command can crash non-interactive ksh
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Jul 15 21:28:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator: Pavel Cahyna
>Release: 2.0_BETA
>Organization:
>Environment:
NetBSD pc.localdomain 2.0_BETA NetBSD 2.0_BETA (ACPI_DEBUG) #1: Mon Jul 12 17:15:47 CEST 2004 pavel@pc.localdomain:/home/pavel/kompilace/jadra/compile/ACPI_DEBUG i386
>Description:
When used non-interactively, the hist_source pointer in ksh is initialized
to NULL, causing a NULL dereference in the fc builtin:
(gdb) run -c "fc -l 1"
Starting program: /home/pavel/kompilace/bsdobj/bin/ksh/ksh -c "fc -l 1"
Program received signal SIGSEGV, Segmentation fault.
0x0805c3de in hist_get (str=0x80851b8 "1", approx=1, allow_cur=1)
at /usr/src/bin/ksh/history.c:396
396 hp = histptr + (n < 0 ? n : (n - hist_source->line));
(gdb) print hist_source
$5 = (Source *) 0x0
If ksh is invoked with the -i flag, it behaves correctly.
The following shows that the state of hist_source depends on the -i flag:
(gdb) run -c suspend
Starting program: /home/pavel/kompilace/bsdobj/bin/ksh/ksh -c suspend
Program received signal SIGSTOP, Stopped (signal).
0x480a9e1b in kill () from /usr/lib/libc.so.12
(gdb) print hist_source
$2 = (Source *) 0x0
(gdb) run -i -c suspend
Starting program: /home/pavel/kompilace/bsdobj/bin/ksh/ksh -i -c suspend
Program received signal SIGSTOP, Stopped (signal).
0x480a9e1b in kill () from /usr/lib/libc.so.12
(gdb) print hist_source
$3 = (Source *) 0x807e208
This is with -current ksh; the same crash can be seen on 2.0_BETA. Recent
fixes to ksh memory management haven't fixed it, unfortunately.
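Added illustration, not code from this PR or from the NetBSD ksh sources: a simplified C model of the lookup at history.c:396 that shows how the n < 0 / n >= 0 arithmetic depends on hist_source and what a NULL guard for the non-interactive case looks like. The Source struct, the hist_setup() fixture and hist_get_checked() are assumptions made for the example; the real ksh structures carry many more fields.

```c
#include <stddef.h>
#include <string.h>

/* Assumption: only the `line` field of the real ksh Source is modelled. */
typedef struct Source {
    int line;   /* command number of the newest saved entry (*histptr) */
} Source;

#define HIST_MAX 8
static const char *history[HIST_MAX]; /* history[0] is the oldest entry */
static const char **histptr;          /* newest saved entry */
static Source *hist_source;           /* stays NULL for `ksh -c`, as in the PR */
static Source model_source;

/* Constructed fixture: save three commands as an interactive shell would,
 * numbering the first one `first`. interactive=0 mimics `ksh -c`, where
 * no history source is ever set up. */
void hist_setup(int interactive, int first)
{
    static const char *cmds[] = { "ls", "make", "vi foo.c" };
    int i;
    histptr = NULL;
    hist_source = NULL;
    if (!interactive)
        return;
    for (i = 0; i < 3; i++)
        history[i] = cmds[i];
    histptr = &history[2];
    model_source.line = first + 2;
    hist_source = &model_source;
}

/* Guarded version of `histptr + (n < 0 ? n : (n - hist_source->line))`.
 * n < 0 counts back from the newest entry; n >= 0 is an absolute command
 * number made relative via hist_source->line. approx clamps out-of-range
 * numbers to the oldest/newest entry; allow_cur permits the current command.
 * Returns NULL instead of dereferencing a NULL hist_source (this PR's crash). */
const char *hist_get_checked(int n, int approx, int allow_cur)
{
    long newest, idx;
    if (hist_source == NULL || histptr == NULL)
        return NULL;                  /* no history in a non-interactive shell */
    newest = histptr - history;
    idx = newest + (n < 0 ? (long)n : (long)(n - hist_source->line));
    if (idx < 0)
        idx = approx ? 0 : -1;                          /* before oldest entry */
    else if (idx > newest)
        idx = approx ? newest - (allow_cur ? 0 : 1) : -1;  /* past newest */
    if (idx < 0 || (!allow_cur && idx == newest))
        return NULL;
    return history[idx];
}
```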
>How-To-Repeat:
pavel@pc:~$ ksh -c "fc -l 10"
Memory fault (core dumped)
>Fix:
not known.
>Release-Note:
>Audit-Trail:
>Unformatted: