flee@shire.cs.psu.edu (Felix Lee) (09/11/89)
% echo `cd /tmp; echo *` coredumps in every BSD variant I've tried (Vax 4.3, SunOS 4.x, IBM/4.3). -- Felix Lee flee@shire.cs.psu.edu *!psuvax1!flee
flee@shire.cs.psu.edu (Felix Lee) (09/11/89)
addendum, it looks like a side effect of my 'cd' alias alias cd 'cd \!*; set argv = (`dirs`); shift' so the statement echo `cd /tmp; echo *` causes csh to do backquote substitution inside backquote substitution, a condition that obviously never should occur, so dobackp() kindly abort()s the child process. Sigh. -- Felix Lee flee@shire.cs.psu.edu *!psuvax1!flee
jordan@Morgan.COM (Jordan Hayes) (09/11/89)
Felix Lee <flee@shire.cs.psu.edu> writes:
% echo `cd /tmp; echo *`
coredumps in every BSD variant I've tried (Vax 4.3, SunOS 4.x, IBM/4.3).
Huh?
=====
% cat /etc/motd
SunOS Release 4.0.3 (S3SS) #6: Thu Aug 17 19:51:35 EDT 1989
% echo `cd /tmp ; echo *`
foobar hodedo Ex01841
% ls core
core not found
...
% cat /etc/motd
AIX/RT V2.2.1 (last updated 27 June 89)
% echo `cd /tmp ; echo *`
echo: No match.
% ls core
core not found
=====
Ok, so I don't have a Vax handy, but I tried it on a straight 4.3 port
on another machine and got the same results. Are you sure you don't
have something nasty aliased to cd?
/jordanroy@phri.UUCP (Roy Smith) (09/11/89)
In <FLEE.89Sep11050930@shire.cs.psu.edu> flee@shire.cs.psu.edu (Felix Lee): > % echo `cd /tmp; echo *` > coredumps in every BSD variant I've tried (Vax 4.3, SunOS 4.x, IBM/4.3). I just tried it on a Sun-3/50 running SunOS-3.5.2 and on a Vax-11/750 running MtXinu 4.3BSD/NFS and it worked just fine on both of them. -- Roy Smith, Public Health Research Institute 455 First Avenue, New York, NY 10016 {att,philabs,cmcl2,rutgers,hombre}!phri!roy -or- roy@alanine.phri.nyu.edu "The connector is the network"
greim@sbsvax.UUCP (Michael Greim) (09/12/89)
In article <FLEE.89Sep11050930@shire.cs.psu.edu>, flee@shire.cs.psu.edu (Felix Lee) writes:
+ % echo `cd /tmp; echo *`
+ coredumps in every BSD variant I've tried (Vax 4.3, SunOS 4.x, IBM/4.3).
+ --
+ Felix Lee flee@shire.cs.psu.edu *!psuvax1!flee
On 29 Dec 88 I presented a fix for a similar bug.
I have tested your alias and command on both a "normal" csh and a
csh with this fix. The "normal" csh dumps core, the fixed one doesn't.
Here is the fix:
+In <2292@bucsb.UUCP> Joe Wells made us aware of a bug in csh.
+
+Symptoms:
+ Try the following in csh
+ alias foo '`cat`'
+ `foo`
+ The csh will dump core, with a message of "illegal instructions"
+ or something like this.
+
+Diagnosis:
+ When a command is built, the variable pargv (and Co.) is used to
+ hold the words of the new command. When the input is command
+ substituted (triggered by presence of '`') csh forks, the child
+ evaluates the command inside '`', the ancestor reads the output
+ and uses it to build its own command. If the child does a command
+ substitution itself (substituting foo by `cat`) it tests whether
+ pargv is already in use. If so, it assumes something has gone
+ terribly wrong and calls abort, which runs on an illegal instruction
+ to produce a core dump.
+
+ Why does this happen?
+
+ The child inherits the value of pargv (and Co.) although it should
+ start with pargv == 0, i.e. a command of its own.
+ This is no problem in 'normal' commands, because then pargv
+ is explicitly set.
+
+Therapy:
+ Change csh to do it right: after forking reset pargv (and Co.).
+ If you are lucky and have source, apply the following patch and wreak
+ yavoc (yet another version of ye old csh :-)
+ (This is a patch to 4.2 BSD csh, line numbers and context may differ)
+
+*** sh.glob.c.old Thu Dec 29 11:03:28 1988
+--- sh.glob.c Thu Dec 29 11:03:35 1988
+***************
+*** 692,697
+ dmove(pvec[1], 1);
+ dmove(SHDIAG, 2);
+ initdesc();
+ arginp = cp;
+ while (*cp)
+ *cp++ &= TRIM;
+
+--- 692,699 -----
+ dmove(pvec[1], 1);
+ dmove(SHDIAG, 2);
+ initdesc();
++ if (pargv) /* mg, 21.dec.88 */
++ blkfree(pargv), pargv = 0; /* mg, 21.dec.88 */
+ arginp = cp;
+ while (*cp)
+ *cp++ &= TRIM;
+
+
+Examination:
+ (don't type the double quotes)
+ - create a directory, let's say tmp, and cd to it.
+ - create a file named "f" in it.
+ - write the string "ls" onto this file.
+ - call the new csh
+ - do "alias foo '`cat f`'"
+ - sit back and try to figure what the output of "`foo`" might be.
+ - do "`foo`".
+ If you do this with old csh, it dumps core.
Although the way to provoke the error differ, the core seems to be
the same: you invoke a command in backquotes, which is an alias to
another command containing backquotes.
Hope this helps,
Absorb, apply and enjoy,
-mg
--
Michael Greim Email : greim@sbsvax.informatik.uni-saarland.dbp.de
or : ...!uunet!unido!sbsvax!greim
[.signature removed by the board of censors for electronic mail's main
executive computer because it contained a four letter word ("word")]frank@croton.dec.com (Frank Wortner) (09/12/89)
In article <FLEE.89Sep11063523@shire.cs.psu.edu>, flee@shire.cs.psu.edu (Felix Lee) writes:
= addendum, it looks like a side effect of my 'cd' alias
= alias cd 'cd \!*; set argv = (`dirs`); shift'
= so the statement
= echo `cd /tmp; echo *`
= causes csh to do backquote substitution inside backquote substitution,
= a condition that obviously never should occur, so dobackp() kindly
= abort()s the child process. Sigh.
Yup, you're right. It's amazing how things that are "never supposed
to happen" happen with frightening frequency. ... double sigh.
Frankhoyt@bessie.nac.dec.com (Kurt Hoyt) (09/20/89)
>> % echo `cd /tmp; echo *`
This works OK on Ultrix 3.1.
Kurt Hoyt
Digital Equipment Corporation
hoyt@decatl.dec.com
"Excuse me, doctor, I'm receiving several distress calls."