summaryrefslogtreecommitdiff
path: root/src/misc/wordexp.c
AgeCommit message (Collapse)AuthorLines
2013-11-22fix and refactor child reaping logic in wordexpRich Felker-6/+16
loop condition was incorrect and confusing and caused an infinite loop when (broken) applications reaped the pid from a signal handler or another thread before wordexp's call to waitpid could do so.
2013-11-22fix fd leak and case where fd 1 is already closed in wordexpRich Felker-4/+4
2013-11-22fix resource exhaustion and zero-word cases in wordexpRich Felker-8/+18
when WRDE_NOSPACE is returned, the we_wordv and we_wordc members must be valid, because the interface contract allows them to return partial results. in the case of zero results (due either to resource exhaustion or a zero-word input) the we_wordv array still should contain a terminating null pointer and the initial we_offs null pointers. this is impossible on resource exhaustion, so a correct application must presumably check for a null pointer in we_wordv; POSIX however seems to ignore the issue. the previous code may have crashed under this situation.
2013-11-22improve robustness of wordexp and fix handling of 0-word caseRich Felker-11/+16
avoid using exit status to determine if a shell error occurred, since broken programs may install SIGCHLD handlers which reap all zombies, including ones that don't belong to them. using clone and __WCLONE does not seem to work for avoiding this problem since exec resets the exit signal to SIGCHLD. instead, the new code uses a dummy word at the beginning of the shell's output, which is ignored, to determine whether the command was executed successfully. this also fixes a corner case where a word string containing zero words was interpreted as a single zero-length word rather than no words at all. POSIX does not seem to require this case to be supported anyway, though. in addition, the new code uses the correct retry idiom for waitpid to ensure that spurious STOP/CONT signals in the child and/or EINTR in the parent do not prevent successful wait for the child, and blocks signals in the child.
2012-09-06use restrict everywhere it's required by c99 and/or posix 2008Rich Felker-1/+1
to deal with the fact that the public headers may be used with pre-c99 compilers, __restrict is used in place of restrict, and defined appropriately for any supported compiler. we also avoid the form [restrict] since older versions of gcc rejected it due to a bug in the original c99 standard, and instead use the form *restrict.
2012-04-16wordexp must set the we_offs entries of we_wordv to null pointersRich Felker-0/+4
2012-04-16fix crash in wordfree if we_offs is not initialized by the callerRich Felker-0/+2
I'm not sure if it's legal for wordexp to modify this field, but this is the only easy/straightforward fix, and applications should not care. if it's an issue, i can work out a different (but more complex) solution later.
2011-06-25wordexp cannot use we_offs unless WRDE_DOOFFS flag is setRich Felker-1/+2
previously, a potentially-indeterminate value from we_offs was being used, resulting in wrong we_wordc and subsequent crashes in the caller.
2011-04-19block cancellation in wordexp, handle more errorsRich Felker-2/+17
2011-04-19avoid malloc of potentially-large string in wordexpRich Felker-10/+28
2011-04-15remove stupid debug code in wordexpRich Felker-1/+0
2011-04-15implement wordexp. first try, may be buggy. intended to be safe.Rich Felker-0/+128