OK, I see it (although the crash does not happen on MirBSD like that, the corruption does for -1 at least).
I think the fix is:
• exec.c:iosetup() int u, plus globally iop->unit, must become unsigned (probably uint8_t, as the code in syn.c only allows for two decimal digits)
• the code in lex.c:918ff must be changed to have an upper bound; there is a check for FDBASE below, which is smaller than NUFILE, which is smaller than 100 and what e->savefd is allocated with
Funnily enough, e->savefd has members of type short, which can then probably also be changed to uint8_t? I think limiting mksh to only accept [0;100[ as fd numbers is reasonable, given the currently-existing code and situation.
Will work on it ASAP (but not any more tonight). Thank you very much for reporting!
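A sketch of the bounded parse proposed in the comment above, added here as an example and not taken from mksh or from the author's eventual fix: the fd number in front of a redirection is read as at most two decimal digits into a `uint8_t` and checked before it indexes a save table. The names `ex_parse_redir_fd`, `ex_save`, `ex_savefd` and `EX_FD_LIMIT` are hypothetical; the limit of 100 is the `[0;100[` range the comment suggests.

```c
#include <stdint.h>
#include <stddef.h>

/* Assumed for this example: the proposed limit, fds in [0;100[. */
#define EX_FD_LIMIT 100

/* Hypothetical stand-in for a per-environment save table indexed by fd. */
static short ex_savefd[EX_FD_LIMIT];

/*
 * Parse the fd number that precedes a redirection operator, e.g. "2>".
 * Accepts one or two decimal digits only, so the value always fits
 * [0;100[ and a uint8_t. Returns the number of characters consumed,
 * or -1 when the prefix is not a valid fd number (sign, no digits,
 * or a third digit).
 */
static int
ex_parse_redir_fd(const char *s, uint8_t *unit)
{
	unsigned int v = 0;
	int n = 0;

	while (s[n] >= '0' && s[n] <= '9') {
		if (n == 2)
			return (-1);	/* third digit: value would be 100 or more */
		v = v * 10 + (unsigned int)(s[n] - '0');
		n++;
	}
	if (n == 0)
		return (-1);	/* covers "-1>": '-' is not a digit */
	*unit = (uint8_t)v;
	return (n);
}

/* Store into the table only after the index is proven in range. */
static int
ex_save(const char *word, short saved)
{
	uint8_t u;

	if (ex_parse_redir_fd(word, &u) < 0 || u >= EX_FD_LIMIT)
		return (-1);
	ex_savefd[u] = saved;
	return (u);
}
```

Because the index is unsigned and capped by the digit count, neither a negative value nor an oversized decimal string can reach the array write.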