bug-bash

uninitialized variable access in read_builtin


From: Grisha Levit
Subject: uninitialized variable access in read_builtin
Date: Thu, 22 Jun 2023 12:36:03 -0400

`read' can hit its timeout before it gets a chance to save the current
signal mask so sigprocmask can end up restoring an uninitialized
prevset. (Also all the sigprocmask calls other than the one in the jmp
target are protected by `#if defined (SIGCHLD)' so I guess this one
should be too)

Found by running the test suite on a build with clang's
MemorySanitizer enabled.  There were only two other reports, both from
quite recent additions, so I'll just mention them here:
* anonopen doesn't set *fn if memfd_create is used so uw_anonclose
frees an uninitialized pointer value later
* convert_validarray_flags_to_arrayval_flags doesn't initialize avflags

---
diff --git a/builtins/read.def b/builtins/read.def
index cb4e1e59..ecfb3d4a 100644
--- a/builtins/read.def
+++ b/builtins/read.def
@@ -428,6 +428,7 @@ read_builtin (WORD_LIST *list)
   sigemptyset (&chldset);
   sigprocmask (SIG_BLOCK, (sigset_t *)0, &chldset);
   sigaddset (&chldset, SIGCHLD);
+  sigprocmask (SIG_SETMASK, (sigset_t *)0, &prevset);
 #endif

   begin_unwind_frame ("read_builtin");
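Review bot: the `sigprocmask (SIG_SETMASK, (sigset_t *)0, &prevset)` added just before the `#endif` has no comment saying why prevset is captured this early, and it passes SIG_SETMASK where the equivalent query two lines above passes SIG_BLOCK. With a null set argument the how value is ignored, so both calls only read the current mask; using the same constant in both and adding a one-line comment that the timeout jump target restores prevset would make the intent clear. The call should also stay ahead of whatever later applies chldset, so that prevset records the mask without SIGCHLD added.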
@@ -495,7 +496,9 @@ read_builtin (WORD_LIST *list)
       if (code)
        {
          reset_timeout ();
+#if defined (SIGCHLD)
          sigprocmask (SIG_SETMASK, &prevset, (sigset_t *)0);
+#endif

          /* Tricky.  The top of the unwind-protect stack is the free of
             input_string.  We want to run all the rest and use input_string,
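Review bot: the `#if defined (SIGCHLD)` guard added around the restore in the `if (code)` branch is only safe together with the first hunk, because the early save of prevset sits under the same guard and is what makes the value valid when the jump arrives here. A short comment at this restore pointing at that early save would keep a later edit from moving or removing one without the other.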



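The ordering problem described in the message, as an added example that is not part of the original post or of bash's source: a jump target restores `prevset` after a timeout that fires before the late save. The names `timeout_env`, `on_alarm`, `sigchld_blocked` and `timed_read_demo` are hypothetical, `raise(SIGALRM)` stands in for the timer expiring, and `sigfillset` is a deterministic stand-in for uninitialized memory.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>

static sigjmp_buf timeout_env;   /* hypothetical stand-in for the timeout jump buffer */
static void on_alarm(int sig) { (void)sig; siglongjmp(timeout_env, 1); }

/* 1 if SIGCHLD is blocked in the current mask, else 0. */
static int sigchld_blocked(void)
{
    sigset_t cur;
    sigprocmask(SIG_BLOCK, NULL, &cur);   /* NULL set: query only */
    return sigismember(&cur, SIGCHLD);
}

/* save_early != 0: prevset is captured before the timeout can fire.
   save_early == 0: the timeout fires first and prevset still holds junk. */
int timed_read_demo(int save_early)
{
    sigset_t prevset, clean;
    struct sigaction sa = {0};

    sigemptyset(&clean);
    sigprocmask(SIG_SETMASK, &clean, NULL);   /* known starting mask */
    sigfillset(&prevset);   /* constructed junk standing in for uninitialized memory */
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGALRM, &sa, NULL);

    if (save_early)
        sigprocmask(SIG_SETMASK, NULL, &prevset);   /* early save of the current mask */

    if (sigsetjmp(timeout_env, 0)) {                /* 0: the jump itself restores no mask */
        sigprocmask(SIG_SETMASK, &prevset, NULL);   /* jump target restores prevset */
        return sigchld_blocked();
    }
    raise(SIGALRM);   /* timeout expires before the late save below */
    sigprocmask(SIG_SETMASK, NULL, &prevset);       /* late save: never reached here */
    return -1;
}

int main(void)
{
    printf("late save:  SIGCHLD blocked after timeout = %d\n", timed_read_demo(0));
    printf("early save: SIGCHLD blocked after timeout = %d\n", timed_read_demo(1));
}
```

With real uninitialized memory the resulting mask is arbitrary rather than "everything blocked", which is why a MemorySanitizer build is the reliable way to catch it.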