Fix out of bounds access when running POSIX functions #880
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit salvages a (long in LOC) bugfix from the currently postponed local-builtin branch. The bug in question has previously been described in the following ksh2020 bug report: att#1423 The ksh2020 bugfix in 9490d10 does fix the out of bounds access, but I've opted to avoid backporting it because it uses malloc wastefully. On 01-01-2024 in 7721eeb I undertook the task of fixing this bug differently by moving POSIX function execution from b_dot_cmd() to the much more appropriate sh_funscope(). Initially, this was primarily intended to aid in implementing dynamic scopes. For this commit I have used my previous work on that branch, but have been careful to avoid changing scoping behavior in any way whatsoever (this patch primarily aims to fix the out of bounds behavior). Perhaps this approach is a bit overzealous, but I think this route is better because it provides an improved framework for tackling scoping problems, (see ksh93#123), which makes this manner of fix better longterm. It's also better for SSOT to have the function execution code concentrated in sh_funscope with if statements clearly demarcating those parts peculiar to POSIX functions and codepaths especial to KornShell functions. (It's not like this patch is brand new either; I should've submitted this fix standalone over a year ago. Better late than never, I suppose.) Overview of changes: - Move POSIX function execution out of b_dot_cmd into sh_funscope. Due to the nature of dotted KornShell functions, those are still executed in b_dot_cmd(). - Delineate the codepaths for POSIX and KornShell functions in sh_funscope() using if statements. - Eliminate of the profitless DOTMAX definition; MAXDEPTH is adequate. - With the above change, simplify sh_funct() by doing away with the now needless b_dot_cmd() call and out of bounds access. As an aside, these changes slightly improve POSIX function performance (but only because POSIX functions lack scoping). Arbitrary benchmarks: $ cat bench/v-posix-fun.ksh for ((i=0; i!=1000000; i++)) do fun() { :; } fun foo bar args unset -f fun done $ cat bench/v-posix-fun-less.ksh for ((i=0; i!=1000000; i++)) do fun() { :; } fun unset -f fun done Results when run under shbench with 20 iterations and CCFLAGS=-O2 (devbranch is unpatched, basicfix is u+m with the ksh2020 fix applied, funscope-overhaul is u+m with this patch): -------------------------------------------------------------------------------------------- name /tmp/ksh-devbranch /tmp/ksh-basicfix /tmp/ksh-funscope-overhaul -------------------------------------------------------------------------------------------- v-posix-fun.ksh 1.125 [1.111-1.159] 1.159 [1.140-1.205] 0.966 [0.948-0.990] v-posix-fun-less.ksh 1.115 [1.099-1.130] 1.141 [1.117-1.226] 0.946 [0.929-0.971] --------------------------------------------------------------------------------------------
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit salvages a (long in LOC) bugfix from the currently postponed local-builtin branch. The bug in question has previously been described in the following ksh2020 bug report: att#1423
The ksh2020 bugfix in 9490d10 does fix the out of bounds access, but I've opted to avoid backporting it because it uses
mallocwastefully. On 01-01-2024 in 7721eeb I undertook the task of fixing this bug differently by moving POSIX function execution fromb_dot_cmd()to the more appropriatesh_funscope(). Initially, this was primarily intended to aid in implementing dynamic scopes.For this commit I have used my previous work on that branch, but have been careful to avoid changing scoping behavior in any way whatsoever (this patch primarily aims to fix the out of bounds behavior). Perhaps this approach is a bit overzealous, but I think this route is better because it provides an improved framework for tackling scoping problems, (see #123), which makes this manner of fix better longterm. It's also better for SSOT to have the function execution code concentrated in
sh_funscopewith if statements clearly demarcating those parts peculiar to POSIX functions and codepaths especial to KornShell functions. (It's not like this patch is brand new either; I should've submitted this fix standalone over a year ago. Better late than never, I suppose.)Overview of changes:
b_dot_cmd()intosh_funscope. Due to the nature of dotted KornShell functions, those are still executed inb_dot_cmd.sh_funscopeusing if statements.DOTMAXdefinition;MAXDEPTHis adequate.sh_funct()by doing away with the now needlessb_dot_cmdcall and out of bounds access.As an aside, these changes slightly improve POSIX function performance (but only because POSIX functions lack scoping).
Arbitrary benchmarks:
Results when run under shbench with 20 iterations and
CCFLAGS=-O2('devbranch' is unpatched, 'basicfix' is u+m with the ksh2020 fix applied, 'funscope-overhaul' is u+m with this patch):