Hi all,

I have just discovered that the command '/bin/kill -l 0' dumps core where bash's builtin does not (well, it just displays 'T'...).

NOTE: the signal spec after dash-ell is the number zero.

Please find the output of cygcheck and the call stack attached to this mail.

Short analysis:

kill.cc: main() calls listsig() with arg "0". getsig() gets called with the same arg. getsig() builds the string "SIG0" in a local buf and gives that to strtosigno(), which returns 0. Then I suspect the bug in line 96 of kill.cc, the end of getsig():

    if (!intsig && (strcmp (buf, "SIG0") != 0 && (strtol (in_sig, &p, 10) != 0 || *p)))
      intsig = -1;
    return intsig;

intsig should be set to -1 either if intsig == 0 or if buf is not "SIG0" and strtol() returns 0 or fails, so line 96 should read

    if (!intsig || (strcmp (buf, "SIG0") != 0 && (strtol (in_sig, &p, 10) != 0 || *p)))

This sets intsig to -1 and returns from getsig(). Without that change intsig would remain zero, causing the SEGV in listsig() in line 125 where puts() is called, so another security fix in strsigno() appears to be necessary to avoid calling

    puts(sys_sigabbrev[0]+3);

which is most likely the cause of the SEGV (I could not find the array's definition so I could not verify this). So line 125

    if (signo >= 0 && signo < NSIG)

should rather read

    if (signo > 0 && signo < NSIG)

Sorry but all I can provide is a simple patch (attached) but I'm unable to test it myself.

Thanks and best regards,
- Michael Kwasigroch

Attachments: cygcheck.out, kill.exe.stackdump, kill.patch

--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
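
Added example, not part of the original mail and not Cygwin's code: a small C model of the line-125 range check discussed in the mail, comparing the quoted check with the proposed one for signal number 0. The table demo_sigabbrev, its empty slot 0, DEMO_NSIG and all helper names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the abbreviation table; NOT Cygwin's
   sys_sigabbrev.  Assumption: slot 0 is empty because signals start at 1. */
#define DEMO_NSIG 4
static const char *const demo_sigabbrev[DEMO_NSIG] = {
  NULL, "SIGHUP", "SIGINT", "SIGQUIT"
};

/* Range check as quoted from line 125 of kill.cc: signal 0 passes. */
static int range_original (int signo) { return signo >= 0 && signo < DEMO_NSIG; }

/* Range check proposed in the mail: signal 0 is rejected. */
static int range_proposed (int signo) { return signo > 0 && signo < DEMO_NSIG; }

enum lookup_result { NAME_OK, REJECTED, NULL_SLOT };

/* Model of the lookup that precedes puts(): returns the name without its
   "SIG" prefix, or NULL.  NULL_SLOT marks the case where the range check
   passed but the table entry is empty, i.e. where unguarded code would
   compute NULL + 3 and hand it to puts(). */
static const char *
short_name (int signo, int (*in_range) (int), enum lookup_result *why)
{
  enum lookup_result r = NAME_OK;
  const char *name = NULL;
  if (!in_range (signo))
    r = REJECTED;
  else if (demo_sigabbrev[signo] == NULL || strlen (demo_sigabbrev[signo]) < 3)
    r = NULL_SLOT;               /* second guard, independent of the range check */
  else
    name = demo_sigabbrev[signo] + 3;
  if (why)
    *why = r;
  return name;
}

/* Convenience wrapper: only the classification of a lookup. */
static enum lookup_result
classify (int signo, int (*in_range) (int))
{
  enum lookup_result r;
  short_name (signo, in_range, &r);
  return r;
}

int main (void)
{
  printf ("signo 0: original=%d proposed=%d\n",
          classify (0, range_original), classify (0, range_proposed));
  return 0;
}
```

With the original check, signal 0 reaches the table and is caught only by the NULL guard; with the proposed check it is rejected before the table is read.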