ksh segfault on 7.9
On Sun, 14 Jun 2026 01:09:52 +0200,
Kirill A. Korinsky <kirill@korins.ky> wrote:
>
> On Wed, 10 Jun 2026 04:54:24 +0200,
> Luigi Vianello <luigi.vianello.cloud@gmail.com> wrote:
> >
> > >Synopsis: ksh segfault
> > >Category: user
> > >Environment:
> >     System : OpenBSD 7.9
> >     Details : OpenBSD 7.9 (GENERIC.MP) #449: Wed May 6 13:17:25 MDT 2026
> >         deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> >     Architecture: OpenBSD.amd64
> >     Machine : amd64
> >
> > >Description:
> >     ksh crashes after setting the PS1 variable and running set -o randomstring
> >     I encountered this bug while playing with gemini. My intention
> > was to create a way to save the timestamp in ksh's history for each
> > command typed.
> >     The bug is always reproducible.
> >     I'm not attaching the dmesg because I don't think it's relevant. If it is,
> > I'll create a new report with the necessary attachments.
> >
> > >How-To-Repeat:
> >     The problem is easily reproducible by setting the following variable PS1
> >     $ PS1='$(printf "# [%s]\n" "$(date "+%Y-%m-%d %H:%M:%S")" | read
> > -s)$USER@$(hostname -s):$PWD$ '
> >     and then
> >     $ set -o bye
> >     ksh: set: bye: bad option
> >     Segmentation fault (core dumped)
> >     $ ls -al ksh.core
> >     -rw------- 1 testuser testuser 4831840 Jun 10 03:48 ksh.core
> >
>
> Thanks for report.
>
> unwind() may clear source while popping execution environments. The
> interactive shell then expands PS1 before compile() restores source, so
> a prompt command substitution using read -s can dereference NULL while
> saving history. Restore source to the current interactive input source
> before continuing to the prompt loop.
>
> Ok?
>

Anyone?

Index: bin/ksh/main.c =================================================================== RCS file: /home/cvs/src/bin/ksh/main.c,v diff -u -p -r1.100 main.c --- bin/ksh/main.c 23 Jul 2023 23:42:03 -0000 1.100 +++ bin/ksh/main.c 13 Jun 2026 23:08:05 -0000 
@@ -587,6 +587,7 @@ shell(Source *volatile s, volatile int t */ /* toss any input we have so far */ s->start = s->str = null; + source = s; break; } /* FALLTHROUGH */ -- wbr, Kirill
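
Review bot: The added `source = s;` after `s->start = s->str = null;` in shell() has no comment saying why the global needs restoring here, and the existing "toss any input we have so far" comment does not cover it. A one-line comment noting that unwind() may have cleared source, and that PS1 is expanded before compile() sets it again, would keep a later cleanup from dropping the line as redundant. This also repairs only this one path back to the prompt loop: per the description, the actual NULL dereference is in the history-saving code reached by `read -s`, so a NULL check on source at that use would be worth adding as well, in case another path reaches prompt expansion with source unset.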