This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

cygwin 2.3.1: '/bin/kill -l 0' dumps core

Hi all,

I have just discovered that the command '/bin/kill -l 0' dumps core where 
bash's built in does not (well, it just displays 'T'...).

NOTE: the signal spec after dash-ell is the number zero.

Pls. find the output of cygcheck and the callstack attached to this mail.

Short analysis: main() calls listsig() with arg "0". getsig() 
gets called with same arg. getsig() build string "SIG0" in local buf 
and gives that to strtosigno() which returns 0.

Then I suspect the bug in line 96 of, the end of getsig():
if (!intsig && (strcmp (buf, "SIG0") != 0 && (strtol (in_sig, &p, 10) != 0
|| *p)))
intsig = -1;
return intsig;

intsig should be set to -1 either if intsig == 0 or if buf is not "SIG0"
and strtol() returns 0 or fails, so line 96 should read
if (!intsig || (strcmp (buf, "SIG0") != 0 && (strtol (in_sig, &p, 10) != 0 
|| *p))) 

This sets intsig to -1 and returns from getsig(). 

Without that change intsig would remain zero causing the SEGV in listsig() 
in line 125 where puts() is called, so another security fix in strsigno() 
appears to be necessary to avoid calling puts(sys_sigabbrev[0]+3); which 
is most likely the cause of the SEGV (I could not find the array's 
definition so I could not verify this). 

So line 125 
if (signo >= 0 && signo < NSIG) 
should rather read 
if (signo > 0 && signo < NSIG) 

Sorry but all I can provide this a simple patch (attached) but I'm unable 
to test it myself.

Thanks and best regards,
- Michael Kwasigroch 

Attachment: cygcheck.out
Description: Binary data

Attachment: kill.exe.stackdump
Description: Binary data

Attachment: kill.patch
Description: Binary data

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]