Bug Summary

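File: src/bin/ksh/var.c
Warning: line 581, column 15
Null pointer passed as 1st argument to string length function (the strlen(val) call in export(), reached along the reported path makenv() -> setstr() -> export())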

Annotated Source Code


clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name var.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/bin/ksh/obj -resource-dir /usr/local/llvm16/lib/clang/16 -D EMACS -D VI -I . -I /usr/src/bin/ksh -I /usr/src/bin/ksh/../../lib/libc/gen -internal-isystem /usr/local/llvm16/lib/clang/16/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/bin/ksh/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fno-jump-tables -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/scan/2024-01-11-140451-98009-1 -x c /usr/src/bin/ksh/var.c
1/* $OpenBSD: var.c,v 1.73 2023/07/23 23:42:03 kn Exp $ */
2
3#include <sys/stat.h>
4#include <sys/time.h>
5
6#include <ctype.h>
7#include <errno(*__errno()).h>
8#include <inttypes.h>
9#include <limits.h>
10#include <stdlib.h>
11#include <string.h>
12#include <time.h>
13#include <unistd.h>
14#ifndef SMALL
15# include <term.h>
16# include <curses.h>
17#endif
18
19#include "sh.h"
20
21/*
22 * Variables
23 *
24 * WARNING: unreadable code, needs a rewrite
25 *
26 * if (flag&INTEGER), val.i contains integer value, and type contains base.
27 * otherwise, (val.s + type) contains string value.
28 * if (flag&EXPORT), val.s contains "name=value" for E-Z exporting.
29 */
/* Scratch entry that global(), local() and setint() fill in and hand out. */
static struct tbl vtemp;
/* Table of special parameter names, populated by initvar(). */
static struct table specials;

/* File-local helpers defined further down. */
static char *formatstr(struct tbl *vp, const char *s);
static void export(struct tbl *vp, const char *val);
static int special(const char *name);
static void unspecial(const char *name);
static void getspec(struct tbl *vp);
static void setspec(struct tbl *vp);
static void unsetspec(struct tbl *vp);
static struct tbl *arraysearch(struct tbl *, int);
40
/*
 * Create a new block for function calls and simple commands and push it
 * onto genv->loc. Assumes the caller has allocated and set up genv->loc.
 *
 * With no enclosing block the new one gets argc 0 and a one-element argv
 * holding `null`; otherwise it shares the enclosing block's argc/argv.
 */
void
newblock(void)
{
	/* Argument vector used when there is no enclosing block. */
	static char *const no_args[] = {null};
	struct block *blk;

	blk = alloc(sizeof(struct block), ATEMP);
	blk->flags = 0;
	ainit(&blk->area); /* todo: could use genv->area (l->area => l->areap) */
	if (genv->loc != NULL) {
		blk->argc = genv->loc->argc;
		blk->argv = genv->loc->argv;
	} else {
		blk->argc = 0;
		blk->argv = (char **) no_args;
	}
	blk->error = NULL;
	blk->exit = blk->error;
	ktinit(&blk->vars, &blk->area, 0);
	ktinit(&blk->funs, &blk->area, 0);

	/* Link in front of the current block chain. */
	blk->next = genv->loc;
	genv->loc = blk;
}
67
/*
 * Pop the current block, handling special variables: for every SPECIAL
 * entry in the popped block, the entry global() now resolves for that name
 * is re-applied with setspec() when it is set, or reset with unsetspec().
 * The block's area and the block itself are freed at the end.
 */
void
popblock(void)
{
	struct block *gone = genv->loc;
	struct tbl **slots = gone->vars.tbls;
	int nslots = gone->vars.size;
	int idx;

	genv->loc = gone->next; /* pop block */

	for (idx = 0; idx < nslots; idx++) {
		struct tbl *entry = slots[idx];
		struct tbl *outer;

		if (entry == NULL || !(entry->flag & SPECIAL))
			continue;
		/* Looked up after the pop, so this resolves in the remaining blocks. */
		outer = global(entry->name);
		if (outer->flag & ISSET)
			setspec(outer);
		else
			unsetspec(outer);
	}

	if (gone->flags & BF_DOGETOPTS)
		user_opt = gone->getopts_state;
	afreeall(&gone->area);
	afree(gone, ATEMP);
}
91
/*
 * Called by main() to initialize variable data structures: fills the
 * `specials` table with one entry per special parameter name, each marked
 * DEFINED|ISSET and carrying its V_* code in the type field.
 */
void
initvar(void)
{
	static const struct special_name {
		const char *name;
		int v;
	} names[] = {
		{ "COLUMNS",		V_COLUMNS },
		{ "IFS",		V_IFS },
		{ "OPTIND",		V_OPTIND },
		{ "PATH",		V_PATH },
		{ "POSIXLY_CORRECT",	V_POSIXLY_CORRECT },
		{ "TMPDIR",		V_TMPDIR },
		{ "HISTCONTROL",	V_HISTCONTROL },
		{ "HISTFILE",		V_HISTFILE },
		{ "HISTSIZE",		V_HISTSIZE },
		{ "EDITOR",		V_EDITOR },
		{ "VISUAL",		V_VISUAL },
#ifndef SMALL
		{ "MAIL",		V_MAIL },
		{ "MAILCHECK",		V_MAILCHECK },
		{ "MAILPATH",		V_MAILPATH },
#endif /* SMALL */
		{ "RANDOM",		V_RANDOM },
		{ "SECONDS",		V_SECONDS },
		{ "TMOUT",		V_TMOUT },
		{ "LINENO",		V_LINENO },
		{ "TERM",		V_TERM },
		{ NULL,	0 }
	};
	const struct special_name *ent;

	ktinit(&specials, APERM, 32); /* must be 2^n (currently 19 specials) */
	for (ent = names; ent->name != NULL; ent++) {
		struct tbl *slot = ktenter(&specials, ent->name, hash(ent->name));

		slot->flag = DEFINED|ISSET;
		slot->type = ent->v;
	}
}
133
/*
 * Used to calculate an array index for global()/local().
 *
 * n:      variable reference, possibly of the form name[subscript].
 * arrayp: set to true if this is an array reference, false otherwise.
 * valp:   receives the array index (written only for array references).
 *
 * Returns the basename of the array: a fresh ATEMP copy for an array
 * reference, otherwise n itself.
 *
 * The subscript text is run through substitute() and then evaluate(), so
 * whatever expansions those perform are applied to it; a result below 0 or
 * above INT_MAX is rejected through errorf().
 */
static const char *
array_index_calc(const char *n, bool *arrayp, int *valp)
{
	const char *bracket;
	char *raw, *expanded;
	int64_t index;
	int reflen;

	*arrayp = false;
	bracket = skip_varname(n, false);
	if (bracket == n || *bracket != '[')
		return n;
	reflen = array_ref_len(bracket);
	if (!reflen)
		return n;

	/* Calculate the value of the subscript */
	*arrayp = true;
	raw = str_nsave(bracket + 1, reflen - 2, ATEMP);	/* text between the brackets */
	expanded = substitute(raw, 0);
	afree(raw, ATEMP);
	n = str_nsave(n, bracket - n, ATEMP);
	evaluate(expanded, &index, KSH_UNWIND_ERROR, true);
	if (index < 0 || index > INT_MAX)
		errorf("%s: subscript %" PRIi64 " out of range",
		    n, index);
	*valp = index;
	afree(expanded, ATEMP);
	return n;
}
165
/*
 * Search for variable, if not found create globally.
 *
 * Names that do not start with a letter are answered from the shared
 * scratch entry vtemp, marked RDONLY: positional parameters (digits) and
 * the single-character parameters $ ! ? # -. Other names are searched
 * through the block chain starting at genv->loc and, when absent, entered
 * in the last block of that chain.
 */
struct tbl *
global(const char *n)
{
	struct block *scope = genv->loc;
	struct tbl *entry;
	unsigned int hashval;
	bool is_array;
	int subscript;
	int first;

	/* Check to see if this is an array */
	n = array_index_calc(n, &is_array, &subscript);
	hashval = hash(n);
	first = (unsigned char)n[0];

	if (letter(first)) {
		scope = genv->loc;
		while ((entry = ktsearch(&scope->vars, n, hashval)) == NULL &&
		    scope->next != NULL)
			scope = scope->next;
		if (entry != NULL)
			return is_array ? arraysearch(entry, subscript) : entry;

		/* Not found anywhere: create it in the outermost block. */
		entry = ktenter(&scope->vars, n, hashval);
		if (is_array)
			entry = arraysearch(entry, subscript);
		entry->flag |= DEFINED;
		if (special(n))
			entry->flag |= SPECIAL;
		return entry;
	}

	if (is_array)
		errorf("bad substitution");
	entry = &vtemp;
	entry->flag = DEFINED;
	entry->type = 0;
	entry->areap = ATEMP;
	*entry->name = first;

	if (digit(first)) {
		long pos;

		errno = 0;
		pos = strtol(n, NULL, 10);
		/*
		 * NOTE(review): pos may equal scope->argc, so argv[argc] is
		 * passed on; what that slot holds is set up outside this
		 * file. setstr() tests its string argument against NULL.
		 */
		if (errno == 0 && pos <= scope->argc)
			/* setstr can't fail here */
			setstr(entry, scope->argv[pos], KSH_RETURN_ERROR);
		/* RDONLY is set only after setstr(), which refuses read-only entries. */
		entry->flag |= RDONLY;
		return entry;
	}

	entry->flag |= RDONLY;
	if (n[1] != '\0')
		return entry;

	entry->flag |= ISSET|INTEGER;
	switch (first) {
	case '$':
		entry->val.i = kshpid;
		break;
	case '!':
		/* If no job, expand to nothing */
		entry->val.i = j_async();
		if (entry->val.i == 0)
			entry->flag &= ~(ISSET|INTEGER);
		break;
	case '?':
		entry->val.i = exstat;
		break;
	case '#':
		entry->val.i = scope->argc;
		break;
	case '-':
		entry->flag &= ~INTEGER;
		entry->val.s = getoptions();
		break;
	default:
		entry->flag &= ~(ISSET|INTEGER);
	}
	return entry;
}
248
/*
 * Search for local variable, if not found create locally.
 *
 * n:    variable reference, optionally with an array subscript.
 * copy: when true and the entry is not yet DEFINED, attribute flags, the
 *       integer base and the field width are inherited from the nearest
 *       enclosing block that has a variable of the same name.
 *
 * A name that does not start with a letter yields the scratch entry vtemp,
 * marked DEFINED|RDONLY.
 */
struct tbl *
local(const char *n, bool copy)
{
	struct block *here = genv->loc;
	struct tbl *entry;
	unsigned int hashval;
	bool is_array;
	int subscript;

	/* Check to see if this is an array */
	n = array_index_calc(n, &is_array, &subscript);
	hashval = hash(n);
	if (!letter(*n)) {
		entry = &vtemp;
		entry->flag = DEFINED|RDONLY;
		entry->type = 0;
		entry->areap = ATEMP;
		return entry;
	}

	entry = ktenter(&here->vars, n, hashval);
	if (copy && !(entry->flag & DEFINED)) {
		struct block *outer;
		struct tbl *model = NULL;

		for (outer = here->next; outer != NULL; outer = outer->next) {
			model = ktsearch(&outer->vars, n, hashval);
			if (model != NULL)
				break;
		}
		if (model != NULL) {
			entry->flag |= model->flag &
			    (EXPORT | INTEGER | RDONLY | LJUST | RJUST |
			    ZEROFIL | LCASEV | UCASEV_AL | INT_U | INT_L);
			if (model->flag & INTEGER)
				entry->type = model->type;
			entry->u2.field = model->u2.field;
		}
	}
	if (is_array)
		entry = arraysearch(entry, subscript);
	entry->flag |= DEFINED;
	if (special(n))
		entry->flag |= SPECIAL;
	return entry;
}
294
/*
 * Get variable string value.
 *
 * Returns `null` when the variable is not set (special to dollar()), a
 * pointer into vp->val.s for a string variable, and for an integer variable
 * the result of formatstr() or str_save() applied to its digits, prefixed
 * with "base#" when the base is not 10.
 */
char *
str_val(struct tbl *vp)
{
	/* worst case number length is when base=2, so use
	 * minus base # number BITS(int64_t) NUL */
	char strbuf[1 + 2 + 1 + BITS(int64_t) + 1];
	const char *digits;
	char *out;
	uint64_t magnitude;
	unsigned int base;

	if (vp->flag & SPECIAL)
		getspec(vp);
	if (!(vp->flag & ISSET))
		return null; /* special to dollar() */
	if (!(vp->flag & INTEGER)) /* string source */
		return vp->val.s + vp->type;

	/* integer source */
	if (vp->flag & UCASEV_AL)
		digits = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
	else
		digits = "0123456789abcdefghijklmnopqrstuvwxyz";

	if (vp->flag & INT_U)
		magnitude = (uint64_t) vp->val.i;
	else
		/*
		 * NOTE(review): negating the most negative value relies on
		 * wrapping signed arithmetic; the analyzer command line on
		 * this page lists -fwrapv.
		 */
		magnitude = (vp->val.i < 0) ? -vp->val.i : vp->val.i;

	base = (vp->type == 0) ? 10 : vp->type;
	if (base < 2 || base > strlen(digits))
		base = 10;

	/* Build the text backwards from the end of the buffer. */
	out = strbuf + sizeof(strbuf);
	*--out = '\0';
	do {
		*--out = digits[magnitude % base];
		magnitude /= base;
	} while (magnitude != 0);
	if (base != 10) {
		*--out = '#';
		*--out = digits[base % 10];
		if (base >= 10)
			*--out = digits[base / 10];
	}
	if (!(vp->flag & INT_U) && vp->val.i < 0)
		*--out = '-';

	if (vp->flag & (RJUST|LJUST)) /* case already dealt with */
		return formatstr(vp, out);
	return str_save(out, ATEMP);
}
346
/*
 * Get variable integer value, with error checking: when getint() reports
 * -1 the failure is raised through errorf() with the variable's string
 * value in the message.
 */
int64_t
intval(struct tbl *vp)
{
	int64_t value;

	if (getint(vp, &value, false) == -1)
		/* XXX check calls - is error here ok by POSIX? */
		errorf("%s: bad number", str_val(vp));
	return value;
}
360
/*
 * Set variable to string value.
 *
 * vq:       destination entry.
 * s:        new value; the string branch tests it against NULL before
 *           formatting and then forwards it unchanged to export() or
 *           str_save().
 * error_ok: KSH_* error mode; KSH_IGNORE_RDONLY skips the read-only check
 *           and is stripped before the mode is used further.
 *
 * Returns 1 on success, 0 when the entry is read only or the integer
 * evaluation fails.
 *
 * The "analyzer step" comments record the path events of the clang static
 * analyzer report this listing belongs to (entered from makenv()).
 */
int
setstr(struct tbl *vq, const char *s, int error_ok)
{
	const char *formatted = NULL;
	int ignore_rdonly = error_ok & KSH_IGNORE_RDONLY;

	error_ok &= ~KSH_IGNORE_RDONLY;
	/* analyzer step 15: assuming the condition is false */
	if (!ignore_rdonly && (vq->flag & RDONLY)) {
		warningf(true, "%s: is read only", vq->name);
		if (!error_ok)
			errorf(NULL);
		return 0;
	}

	/* analyzer steps 16-17: assuming a string destination, taking that branch */
	if (vq->flag & INTEGER) { /* integer dest */
		if (!v_evaluate(vq, s, error_ok, true))
			return 0;
	} else { /* string dest */
		/* analyzer steps 18-19: assuming ALLOC is clear, block skipped */
		if (vq->flag & ALLOC) {
			/* debugging */
			if (s >= vq->val.s &&
			    s <= vq->val.s + strlen(vq->val.s))
				internal_errorf("%s: %s=%s: assigning to self",
				    __func__, vq->name, s);
			afree(vq->val.s, vq->areap);
		}
		vq->flag &= ~(ISSET|ALLOC);
		vq->type = 0;
		/* analyzer step 20: assuming 's' is null */
		if (s && (vq->flag & (UCASEV_AL|LCASEV|LJUST|RJUST))) {
			s = formatstr(vq, s);
			formatted = s;
		}
		/* analyzer steps 21-22: assuming EXPORT is set, taking true branch */
		if (vq->flag & EXPORT) {
			/*
			 * analyzer steps 23-24: passing null pointer value via
			 * 2nd parameter 'val', calling 'export'
			 */
			export(vq, s);
		} else {
			vq->val.s = str_save(s, vq->areap);
			vq->flag |= ALLOC;
		}
	}

	vq->flag |= ISSET;
	if (vq->flag & SPECIAL)
		setspec(vq);
	/* Release the temporary produced by formatstr(), if any. */
	afree((void *)formatted, ATEMP);
	return 1;
}
403
/*
 * Set variable to integer. An INTEGER entry stores n directly; any other
 * entry receives the string form of n, produced by loading n into the
 * scratch entry vtemp and passing str_val() of it to setstr().
 */
void
setint(struct tbl *vq, int64_t n)
{
	if (vq->flag & INTEGER) {
		vq->val.i = n;
	} else {
		struct tbl *scratch = &vtemp;

		scratch->flag = (ISSET|INTEGER);
		scratch->type = 0;
		scratch->areap = ATEMP;
		scratch->val.i = n;
		/* setstr can't fail here */
		setstr(vq, str_val(scratch), KSH_RETURN_ERROR);
	}
	vq->flag |= ISSET;
	if (vq->flag & SPECIAL)
		setspec(vq);
}
422
/*
 * Read a variable as an integer.
 *
 * vp:    variable to read (getspec() is applied first when it is SPECIAL).
 * nump:  receives the value on success.
 * arith: when true, a leading "0x"/"0X" selects base 16 and another
 *        leading '0' selects base 8, unless ZEROFIL is set, in which case
 *        the leading zeros are skipped.
 *
 * Returns the base of the number (vp->type for an INTEGER entry), or -1
 * when the variable is unset, has no string, or does not parse. A
 * "base#digits" prefix is accepted once, for bases 2 to 36.
 */
int
getint(struct tbl *vp, int64_t *nump, bool arith)
{
	char *cursor;
	int ch;
	int base = 10;
	int neg = 0;
	int have_base = 0;
	int64_t acc = 0;

	if (vp->flag & SPECIAL)
		getspec(vp);
	/* XXX is it possible for ISSET to be set and val.s to be 0? */
	if (!(vp->flag & ISSET))
		return -1;
	if (vp->flag & INTEGER) {
		*nump = vp->val.i;
		return vp->type;
	}
	if (vp->val.s == NULL)
		return -1;

	cursor = vp->val.s + vp->type;
	if (cursor == NULL) /* redundant given initial test */
		cursor = null;

	if (arith && cursor[0] == '0' && cursor[1]) {
		cursor++;
		if (*cursor == 'x' || *cursor == 'X') {
			cursor++;
			base = 16;
		} else if (vp->flag & ZEROFIL) {
			while (*cursor == '0')
				cursor++;
		} else {
			base = 8;
		}
		have_base++;
	}

	while ((ch = (unsigned char)*cursor++) != 0) {
		if (ch == '-') {
			neg++;
			continue;
		}
		if (ch == '#') {
			/* What was read so far is the base, not the value. */
			base = (int) acc;
			if (have_base || base < 2 || base > 36)
				return -1;
			acc = 0;
			have_base = 1;
			continue;
		}
		if (!letnum(ch))
			return -1;
		if (isdigit(ch))
			ch -= '0';
		else if (islower(ch))
			ch -= 'a' - 10; /* todo: assumes ascii */
		else if (isupper(ch))
			ch -= 'A' - 10; /* todo: assumes ascii */
		else
			ch = -1; /* _: force error */
		if (ch < 0 || ch >= base)
			return -1;
		acc = acc * base + ch;
	}
	if (neg)
		acc = -acc;
	*nump = acc;
	return base;
}
488
/*
 * Convert variable vq to integer variable, setting its value from vp
 * (vq and vp may be the same).
 *
 * Returns vq, or NULL when getint() cannot read vp as a number. A string
 * held by vq is freed before the integer is stored, and the base found by
 * getint() becomes vq's base only when vq has none yet.
 */
struct tbl *
setint_v(struct tbl *vq, struct tbl *vp, bool arith)
{
	int64_t value;
	int base = getint(vp, &value, arith);

	if (base == -1)
		return NULL;
	/* String destination owning its storage: drop it first. */
	if ((vq->flag & (INTEGER|ALLOC)) == ALLOC) {
		vq->flag &= ~ALLOC;
		afree(vq->val.s, vq->areap);
	}
	vq->val.i = value;
	if (vq->type == 0) /* default base */
		vq->type = base;
	vq->flag |= ISSET|INTEGER;
	if (vq->flag & SPECIAL)
		setspec(vq);
	return vq;
}
512
/*
 * Return an ATEMP copy of s formatted according to vp's attributes:
 * justified to vp->u2.field columns for RJUST/LJUST (the field defaults to
 * the length of s when unset), then case-converted for UCASEV_AL/LCASEV.
 *
 * s must not be NULL: its length is taken with strlen() first.
 */
static char *
formatstr(struct tbl *vp, const char *s)
{
	const int justified = vp->flag & (RJUST|LJUST);
	int srclen = strlen(s);
	int dstlen = srclen;
	char *out, *cp;

	if (justified) {
		if (!vp->u2.field) /* default field width */
			vp->u2.field = srclen;
		dstlen = vp->u2.field;
	}

	out = alloc(dstlen + 1, ATEMP);
	if (!justified) {
		memcpy(out, s, srclen + 1);
	} else if (vp->flag & RJUST) {
		const char *tail = s + srclen;
		int keep;

		/* strip trailing spaces (at&t ksh uses r[-1] == ' ') */
		while (tail > s && isspace((unsigned char)tail[-1]))
			--tail;
		keep = tail - s;
		if (keep > vp->u2.field) {
			/* Too long: keep the rightmost field characters. */
			s += keep - vp->u2.field;
			keep = vp->u2.field;
		}
		shf_snprintf(out, dstlen + 1,
		    ((vp->flag & ZEROFIL) && digit(*s)) ?
		    "%0*s%.*s" : "%*s%.*s",
		    vp->u2.field - keep, null, keep, s);
	} else {
		/* strip leading spaces/zeros */
		while (isspace((unsigned char)*s))
			s++;
		if (vp->flag & ZEROFIL) {
			while (*s == '0')
				s++;
		}
		shf_snprintf(out, dstlen + 1, "%-*.*s",
		    vp->u2.field, vp->u2.field, s);
	}

	if (vp->flag & UCASEV_AL) {
		for (cp = out; *cp; cp++) {
			if (islower((unsigned char)*cp))
				*cp = toupper((unsigned char)*cp);
		}
	} else if (vp->flag & LCASEV) {
		for (cp = out; *cp; cp++) {
			if (isupper((unsigned char)*cp))
				*cp = tolower((unsigned char)*cp);
		}
	}

	return out;
}
571
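/*
 * Make vp->val.s be "name=value" for quick exporting.
 *
 * vp:  entry to rewrite. Its name is copied in front of the value and
 *      vp->type is set to the offset of the value inside the new string.
 * val: value text. It may point into the string being replaced (typeset()
 *      passes vpbase->val.s), so the old string is freed only after the
 *      copy. A NULL val is stored as the empty value, the same thing
 *      typeset() passes for an unset variable.
 *
 * This is the function the clang static analyzer report flags (original
 * line 581, path step 27): setstr() tests "s &&" before formatting and then
 * forwards s unchanged, so a NULL value reaching an EXPORT entry would be
 * handed to strlen(). Whether a caller can really arrive here with NULL is
 * not settled by this file alone; the guard makes the function safe either
 * way.
 */
static void
export(struct tbl *vp, const char *val)
{
	char *xp;
	/* analyzer steps 25-26: ALLOC assumed clear, so there is no old string */
	char *op = (vp->flag & ALLOC) ? vp->val.s : NULL;
	int namelen = strlen(vp->name);
	int vallen;

	/* Never pass NULL to strlen()/memcpy(): treat it as "name=". */
	if (val == NULL)
		val = "";
	vallen = strlen(val) + 1;	/* value plus its terminating NUL */

	vp->flag |= ALLOC;
	xp = alloc(namelen + 1 + vallen, vp->areap);
	memcpy(vp->val.s = xp, vp->name, namelen);
	xp += namelen;
	*xp++ = '=';
	vp->type = xp - vp->val.s; /* offset to value */
	memcpy(xp, val, vallen);
	/* Freed last because val may alias the old string. */
	afree(op, vp->areap);
}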
592
/*
 * Lookup variable (according to (set&LOCAL)), set its attributes
 * (INTEGER, RDONLY, EXPORT, TRACE, LJUST, RJUST, ZEROFIL, LCASEV,
 * UCASEV_AL), and optionally set its value if an assignment.
 *
 * var:   "name", "name=value", or either form with an array subscript.
 * set:   attribute flags to set, plus LOCAL/LOCAL_COPY/IMPORT controls.
 * clr:   attribute flags to clear.
 * field: field width stored when LJUST/RJUST/ZEROFIL is being set.
 * base:  integer base applied when INTEGER is being set and base > 0.
 *
 * Returns the variable, or NULL when var is not a valid name, its array
 * reference is malformed, or an IMPORT is rejected. Read-only and
 * restricted-shell violations are raised through errorf().
 */
struct tbl *
typeset(const char *var, int set, int clr, int field, int base)
{
	struct tbl *vp;
	struct tbl *vpbase;
	struct tbl *elem;
	char *name;
	const char *val;

	/* check for valid variable name, search for value */
	val = skip_varname(var, false);
	if (val == var)
		return NULL;
	if (*val == '[') {
		int reflen = array_ref_len(val);

		if (reflen == 0)
			return NULL;
		/* IMPORT is only used when the shell starts up and is
		 * setting up its environment. Allow only simple array
		 * references at this time since parameter/command substitution
		 * is performed on the [expression], which would be a major
		 * security hole.
		 */
		if (set & IMPORT) {
			int k;

			for (k = 1; k < reflen - 1; k++) {
				if (!digit(val[k]))
					return NULL;
			}
		}
		val += reflen;
	}
	if (*val == '=') {
		name = str_nsave(var, val - var, ATEMP);
		val++;
	} else {
		/* Importing from original environment: must have an = */
		if (set & IMPORT)
			return NULL;
		name = (char *) var;
		val = NULL;
	}

	/* Prevent typeset from creating a local PATH/ENV/SHELL */
	if (Flag(FRESTRICTED) && (strcmp(name, "PATH") == 0 ||
	    strcmp(name, "ENV") == 0 || strcmp(name, "SHELL") == 0))
		errorf("%s: restricted", name);

	if (set & LOCAL)
		vp = local(name, (set & LOCAL_COPY) ? true : false);
	else
		vp = global(name);
	set &= ~(LOCAL|LOCAL_COPY);

	vpbase = vp;
	if (vp->flag & ARRAY)
		vpbase = global(arrayname(name));

	/* only allow export flag to be set.  at&t ksh allows any attribute to
	 * be changed, which means it can be truncated or modified
	 * (-L/-R/-Z/-i).
	 */
	if ((vpbase->flag & RDONLY) &&
	    (val || clr || (set & ~EXPORT)))
		/* XXX check calls - is error here ok by POSIX? */
		errorf("%s: is read only", name);
	/* name is a private copy only in the "name=value" case. */
	if (val)
		afree(name, ATEMP);

	/* most calls are with set/clr == 0 */
	if (set | clr) {
		int ok = 1;

		/* XXX if x[0] isn't set, there will be problems: need to have
		 * one copy of attributes for arrays...
		 */
		for (elem = vpbase; elem; elem = elem->u.array) {
			int error_ok = KSH_RETURN_ERROR;
			char *oldval = NULL;
			char *free_me = NULL;
			int not_assigned_below = (!val || elem != vp);
			int needs_rewrite =
			    (set & (UCASEV_AL|LCASEV|LJUST|RJUST|ZEROFIL)) ||
			    ((elem->flag & INTEGER) && (clr & INTEGER)) ||
			    (!(elem->flag & INTEGER) && (set & INTEGER));
			/* Re-assign the current value so the new attributes take effect. */
			int fake_assign = (elem->flag & ISSET) &&
			    not_assigned_below && needs_rewrite;

			if (fake_assign) {
				if (elem->flag & INTEGER) {
					oldval = str_val(elem);
					free_me = NULL;
				} else {
					oldval = elem->val.s + elem->type;
					free_me = (elem->flag & ALLOC) ?
					    elem->val.s : NULL;
				}
				/* Keep setstr() from freeing the value it is given. */
				elem->flag &= ~ALLOC;
			}
			if (!(elem->flag & INTEGER) && (set & INTEGER)) {
				elem->type = 0;
				elem->flag &= ~ALLOC;
			}
			if (!(elem->flag & RDONLY) && (set & RDONLY)) {
				/* allow var to be initialized read-only */
				error_ok |= KSH_IGNORE_RDONLY;
			}
			elem->flag = (elem->flag | set) & ~clr;
			/* Don't change base if assignment is to be done,
			 * in case assignment fails.
			 */
			if ((set & INTEGER) && base > 0 && not_assigned_below)
				elem->type = base;
			if (set & (LJUST|RJUST|ZEROFIL))
				elem->u2.field = field;
			if (!fake_assign)
				continue;
			if (!setstr(elem, oldval, error_ok)) {
				/* Somewhat arbitrary action here:
				 * zap contents of variable, but keep
				 * the flag settings.
				 */
				ok = 0;
				if (elem->flag & INTEGER) {
					elem->flag &= ~ISSET;
				} else {
					if (elem->flag & ALLOC)
						afree(elem->val.s, elem->areap);
					elem->flag &= ~(ISSET|ALLOC);
					elem->type = 0;
				}
			}
			afree(free_me, elem->areap);
		}
		if (!ok)
			errorf(NULL);
	}

	if (val != NULL) {
		if (vp->flag & INTEGER) {
			/* do not zero base before assignment */
			setstr(vp, val, KSH_UNWIND_ERROR | KSH_IGNORE_RDONLY);
			/* Done after assignment to override default */
			if (base > 0)
				vp->type = base;
		} else {
			/* setstr can't fail (readonly check already done) */
			setstr(vp, val, KSH_RETURN_ERROR | KSH_IGNORE_RDONLY);
		}
	}

	/* only x[0] is ever exported, so use vpbase */
	if ((vpbase->flag & EXPORT) && !(vpbase->flag & INTEGER) &&
	    vpbase->type == 0)
		export(vpbase, (vpbase->flag & ISSET) ? vpbase->val.s : null);

	return vp;
}
747
/*
 * Unset a variable. array_ref is set if there was an array reference in
 * the name lookup (eg, x[2]).
 *
 * The value string is freed when the entry owns it. For an array unset by
 * its bare name every chained element is freed too. Afterwards only
 * SPECIAL survives in the flags (plus ARRAY|DEFINED for an array
 * reference), and a SPECIAL entry is passed to unsetspec().
 */
void
unset(struct tbl *vp, int array_ref)
{
	if (vp->flag & ALLOC)
		afree(vp->val.s, vp->areap);

	if (!array_ref && (vp->flag & ARRAY)) {
		struct tbl *cur = vp->u.array;

		/* Free up entire array */
		while (cur != NULL) {
			struct tbl *following = cur->u.array;

			if (cur->flag & ALLOC)
				afree(cur->val.s, cur->areap);
			afree(cur, cur->areap);
			cur = following;
		}
		vp->u.array = NULL;
	}

	/* If foo[0] is being unset, the remainder of the array is kept... */
	vp->flag &= SPECIAL | (array_ref ? ARRAY|DEFINED : 0);
	if (vp->flag & SPECIAL)
		unsetspec(vp);	/* responsible for `unspecial'ing var */
}
774
/*
 * Return a pointer to the first char past a legal variable name (returns
 * the argument if there is no legal name, returns a pointer to the
 * terminating null if whole string is legal). When aok is non-zero a
 * following array reference is skipped as well. A NULL s is returned
 * unchanged.
 */
char *
skip_varname(const char *s, int aok)
{
	int reflen;

	if (s == NULL || !letter(*s))
		return (char *) s;

	/* Consume the remaining letters and digits of the name. */
	do {
		s++;
	} while (*s && letnum(*s));

	if (aok && *s == '[') {
		reflen = array_ref_len(s);
		if (reflen)
			s += reflen;
	}
	return (char *) s;
}
792
/*
 * Return a pointer to the first character past any legal variable name in
 * a coded string, where each name character is a CHAR marker followed by
 * the character itself.
 *
 * s:   coded string.
 * aok: skip array de-reference? When non-zero, a bracketed reference after
 *      the name is skipped if its brackets balance; if the CHAR pairs run
 *      out first, the position just after the name is returned.
 */
char *
skip_wdvarname(const char *s, int aok)
{
	const char *scan;
	int depth = 0;

	if (s[0] != CHAR || !letter(s[1]))
		return (char *) s;

	s += 2;
	while (s[0] == CHAR && letnum(s[1]))
		s += 2;

	if (!aok || s[0] != CHAR || s[1] != '[')
		return (char *) s;

	/* skip possible array de-reference */
	for (scan = s; scan[0] == CHAR; ) {
		char ch = scan[1];

		scan += 2;
		if (ch == '[')
			depth++;
		else if (ch == ']' && --depth == 0)
			return (char *) scan;
	}
	return (char *) s;
}
824
/*
 * Check if coded string s is a variable name: skip_wdvarname() must
 * consume at least one character and stop exactly at the EOS marker.
 */
int
is_wdvarname(const char *s, int aok)
{
	const char *end = skip_wdvarname(s, aok);

	if (end == s)
		return 0;
	return end[0] == EOS;
}
833
/*
 * Check if coded string s is a variable assignment: a variable name
 * (array reference allowed) followed directly by a coded '='.
 */
int
is_wdvarassign(const char *s)
{
	const char *end = skip_wdvarname(s, true);

	if (end == s)
		return 0;
	return end[0] == CHAR && end[1] == '=';
}
842
/*
 * Make the exported environment from the exported names in the dictionary.
 *
 * Walks every block from genv->loc outwards. Each entry that is both ISSET
 * and EXPORT has EXPORT cleared on same-named entries in outer blocks, is
 * converted to a string variable if it is an integer, and contributes its
 * val.s to the result. Returns the NULL-terminated vector.
 *
 * The "analyzer step" comments record the path events of the clang static
 * analyzer report this listing belongs to. NOTE(review): the report's
 * step 20 assumes the value handed to setstr() is NULL; str_val() as
 * listed here returns `null`, a pointer into val.s, or the result of
 * formatstr()/str_save(), so that assumption depends on whether those
 * helpers (defined outside this function) can return NULL.
 */
char **
makenv(void)
{
	struct block *blk;
	XPtrV env;

	/* analyzer step 1: loop condition is false, exiting loop (XPinit expansion) */
	XPinit(env, 64);
	/* analyzer steps 2-3: assuming 'l' is not equal to NULL, entering loop body */
	for (blk = genv->loc; blk != NULL; blk = blk->next) {
		struct tbl **slots = blk->vars.tbls;
		int nslots = blk->vars.size;
		int idx;

		/* analyzer step 4: assuming the condition is true */
		for (idx = 0; idx < nslots; idx++) {
			struct tbl *entry = slots[idx];
			struct block *outer;
			unsigned int hashval;

			/* analyzer steps 5-7: assuming both conditions are true, taking true branch */
			if (entry == NULL ||
			    (entry->flag & (ISSET|EXPORT)) != (ISSET|EXPORT))
				continue;
			hashval = hash(entry->name);

			/* unexport any redefined instances */
			/* analyzer steps 8-9: assuming 'l2' is equal to NULL, loop skipped */
			for (outer = blk->next; outer != NULL; outer = outer->next) {
				struct tbl *shadowed =
				    ktsearch(&outer->vars, entry->name, hashval);

				if (shadowed != NULL)
					shadowed->flag &= ~EXPORT;
			}
			/* analyzer steps 10-11: assuming INTEGER is set, taking true branch */
			if (entry->flag & INTEGER) {
				/* integer to string */
				/* analyzer step 12: value assigned to 'val' */
				char *text = str_val(entry);

				entry->flag &= ~(INTEGER|RDONLY);
				/* setstr can't fail here */
				/* analyzer steps 13-14: passing value via 2nd parameter 's', calling 'setstr' */
				setstr(entry, text, KSH_RETURN_ERROR);
			}
			XPput(env, entry->val.s);
		}
	}
	XPput(env, NULL);
	return (char **) XPclose(env);
}
882
/*
 * Called after a fork in parent to bump the random number generator.
 * Done to ensure children will not get the same random number sequence
 * if the parent doesn't use $RANDOM.
 */
void
change_random(void)
{
	/* The value is discarded; only the generator's state advance matters. */
	(void)rand();
}
893
894/*
895 * handle special variables with side effects - PATH, SECONDS.
896 */
897
/*
 * Test if name is a special parameter. Returns the V_* code stored for it
 * in the `specials` table, or V_NONE when the name has no entry or its
 * entry is not ISSET.
 */
static int
special(const char *name)
{
	struct tbl *hit = ktsearch(&specials, name, hash(name));

	if (hit == NULL || !(hit->flag & ISSET))
		return V_NONE;
	return hit->type;
}
907
/*
 * Make a variable non-special by deleting its entry, if any, from the
 * `specials` table.
 */
static void
unspecial(const char *name)
{
	struct tbl *hit = ktsearch(&specials, name, hash(name));

	if (hit != NULL)
		ktdelete(hit);
}
918
/* time SECONDS last set */
static struct timespec seconds;
/* what user set $LINENO to */
static int user_lineno;
921
/*
 * Refresh the value of a special variable that is computed on read:
 * SECONDS, RANDOM, HISTSIZE, OPTIND and LINENO. Other names are left
 * untouched.
 *
 * SPECIAL is cleared around the setint() call because setint() invokes
 * setspec() on SPECIAL entries; it is set again afterwards.
 *
 * $RANDOM is the low 15 bits of rand(); it is not a source of
 * unpredictable values.
 */
static void
getspec(struct tbl *vp)
{
	struct timespec elapsed, now;
	int64_t value;

	switch (special(vp->name)) {
	case V_SECONDS:
		/* On start up the value of SECONDS is used before seconds
		 * has been set - don't do anything in this case
		 * (see initcoms[] in main.c).
		 */
		if (!(vp->flag & ISSET)) {
			vp->flag |= SPECIAL;
			return;
		}
		clock_gettime(CLOCK_MONOTONIC, &now);
		timespecsub(&now, &seconds, &elapsed);
		value = (int64_t)elapsed.tv_sec;
		break;
	case V_RANDOM:
		value = (int64_t) (rand() & 0x7fff);
		break;
	case V_HISTSIZE:
		value = (int64_t) histsize;
		break;
	case V_OPTIND:
		value = (int64_t) user_opt.uoptind;
		break;
	case V_LINENO:
		value = (int64_t) current_lineno + user_lineno;
		break;
	default:
		return;
	}

	vp->flag &= ~SPECIAL;
	setint(vp, value);
	vp->flag |= SPECIAL;
}
963
/*
 * Apply the side effect of assigning to a special variable (PATH, IFS,
 * OPTIND, TMPDIR, history and editor settings, COLUMNS, mail settings,
 * RANDOM, SECONDS, TMOUT, LINENO, TERM). Names without a special code are
 * ignored.
 *
 * Cases that read the value through intval() or str_val() with SPECIAL
 * cleared restore the flag afterwards.
 */
static void
setspec(struct tbl *vp)
{
	char *text;

	switch (special(vp->name)) {
	case V_PATH:
		afree(search_path, APERM);
		search_path = str_save(str_val(vp), APERM);
		flushcom(1);	/* clear tracked aliases */
		break;
	case V_IFS:
		text = str_val(vp);
		setctypes(text, C_IFS);
		ifs0 = *text;
		break;
	case V_OPTIND:
		vp->flag &= ~SPECIAL;
		getopts_reset((int) intval(vp));
		vp->flag |= SPECIAL;
		break;
	case V_POSIXLY_CORRECT:
		change_flag(FPOSIX, OF_SPECIAL, 1);
		break;
	case V_TMPDIR: {
		struct stat info;

		afree(tmpdir, APERM);
		tmpdir = NULL;
		/* Use tmpdir iff it is an absolute path, is writable and
		 * searchable and is a directory...
		 * NOTE(review): these checks describe the path at assignment
		 * time only; how tmpdir is used later is outside this
		 * function.
		 */
		text = str_val(vp);
		if (text[0] == '/' && access(text, W_OK|X_OK) == 0 &&
		    stat(text, &info) == 0 && S_ISDIR(info.st_mode))
			tmpdir = str_save(text, APERM);
		break;
	}
	case V_HISTCONTROL:
		sethistcontrol(str_val(vp));
		break;
	case V_HISTSIZE:
		vp->flag &= ~SPECIAL;
		sethistsize((int) intval(vp));
		vp->flag |= SPECIAL;
		break;
	case V_HISTFILE:
		sethistfile(str_val(vp));
		break;
	case V_VISUAL:
		set_editmode(str_val(vp));
		break;
	case V_EDITOR:
		/* EDITOR only counts while VISUAL is not set. */
		if (!(global("VISUAL")->flag & ISSET))
			set_editmode(str_val(vp));
		break;
	case V_COLUMNS: {
		int64_t wanted;
		int cols = MIN_COLS;

		/* Fall back to MIN_COLS unless the value is a number in
		 * (MIN_COLS, INT_MAX]. */
		if (getint(vp, &wanted, false) != -1 &&
		    wanted > MIN_COLS && wanted <= INT_MAX)
			cols = wanted;
		x_cols = cols;
		break;
	}
#ifndef SMALL
	case V_MAIL:
		mbset(str_val(vp));
		break;
	case V_MAILPATH:
		mpset(str_val(vp));
		break;
	case V_MAILCHECK:
		vp->flag &= ~SPECIAL;
		mcset(intval(vp));
		vp->flag |= SPECIAL;
		break;
#endif /* SMALL */
	case V_RANDOM:
		vp->flag &= ~SPECIAL;
		srand_deterministic((unsigned int)intval(vp));
		vp->flag |= SPECIAL;
		break;
	case V_SECONDS:
		vp->flag &= ~SPECIAL;
		clock_gettime(CLOCK_MONOTONIC, &seconds);
		seconds.tv_sec -= intval(vp);
		vp->flag |= SPECIAL;
		break;
	case V_TMOUT:
		/* Enforce integer to avoid command execution from initcoms[] */
		vp->flag &= ~SPECIAL;
		intval(vp);
		vp->flag |= SPECIAL;
		/* at&t ksh seems to do this (only listen if integer) */
		if (vp->flag & INTEGER)
			ksh_tmout = vp->val.i >= 0 ? vp->val.i : 0;
		break;
	case V_LINENO:
		vp->flag &= ~SPECIAL;
		/* The -1 is because line numbering starts at 1. */
		user_lineno = (unsigned int) intval(vp) - current_lineno - 1;
		vp->flag |= SPECIAL;
		break;
	case V_TERM:
#ifndef SMALL
		{
			int status;

			vp->flag &= ~SPECIAL;
			if (setupterm(str_val(vp), shl_out->fd, &status) == ERR)
				del_curterm(cur_term);
			vp->flag |= SPECIAL;
		}
#endif
		break;
	}
}
1087
/*
 * Undo the shell-internal side effects of a special variable that is
 * being unset.  The variable is identified by special(vp->name); names
 * with no case below are left alone.
 *
 * Compatibility notes kept from the original:
 *  - The at&t ksh man page says OPTIND, OPTARG and _ lose their special
 *    meaning, but OPTARG does not (it is still set by getopts) and _ is
 *    also still set in various places.
 *  - Unknown at&t behaviour for: MAIL, MAILPATH, HISTSIZE, HISTFILE.
 *  - Unsetting these in at&t ksh does not lose the `specialness'
 *    (no effect): IFS, COLUMNS, PATH, TMPDIR, VISUAL, EDITOR.
 *  - pdkshisms, no effect: POSIXLY_CORRECT (use set +o posix instead).
 */
static void
unsetspec(struct tbl *vp)
{
	switch (special(vp->name)) {
	/*
	 * These simply stop being special.  For MAILCHECK and TMOUT,
	 * at&t ksh leaves the previous value in place.
	 */
	case V_LINENO:
#ifndef SMALL
	case V_MAILCHECK:
#endif /* SMALL */
	case V_RANDOM:
	case V_SECONDS:
	case V_TMOUT:
		unspecial(vp->name);
		break;

	case V_PATH:
		/* Fall back to the default search path. */
		afree(search_path, APERM);
		search_path = str_save(def_path, APERM);
		flushcom(1);	/* clear tracked aliases */
		break;

	case V_IFS:
		/* Restore the default separators: space, tab, newline. */
		setctypes(" \t\n", C_IFS);
		ifs0 = ' ';
		break;

	case V_TMPDIR:
		/*
		 * Drop the cached directory and leave tmpdir NULL;
		 * TMPDIR itself should not become unspecial.
		 */
		afree(tmpdir, APERM);
		tmpdir = NULL;
		break;

	case V_HISTCONTROL:
		sethistcontrol(NULL);
		break;

#ifndef SMALL
	case V_MAIL:
		mbset(NULL);
		break;

	case V_MAILPATH:
		mpset(NULL);
		break;
#endif /* SMALL */
	}
}
1140
/*
 * Look up the element with subscript val in the array headed by vp,
 * creating a new table entry (or recycling an existing unset one) when
 * no set element is found.  Returns vp itself for subscript 0.
 *
 * NOTE(review): val is not range-checked here; a negative subscript
 * would be linked in directly after the head.  Presumably callers
 * validate the subscript first -- confirm.
 */
static struct tbl *
arraysearch(struct tbl *vp, int val)
{
	struct tbl *before, *node, *elem;
	/* Bytes needed for a copy of the name, terminator included. */
	size_t namesz = strlen(vp->name) + 1;

	vp->flag |= ARRAY|DEFINED;
	vp->index = 0;
	/* The head table entry always stands for element [0]. */
	if (val == 0)
		return vp;

	/*
	 * Follow the u.array chain to the first element whose index is
	 * not below val, remembering the element in front of it.
	 */
	before = vp;
	for (node = vp->u.array; node && node->index < val;
	    node = node->u.array)
		before = node;

	if (node && node->index == val) {
		if (node->flag & ISSET)
			return node;
		/* Present but not set: reinitialise it in place. */
		elem = node;
	} else {
		/* The extra namesz bytes leave room for the name copy. */
		elem = alloc(sizeof(struct tbl) + namesz, vp->areap);
	}

	/* Bounded copy: at most namesz bytes, always NUL-terminated. */
	strlcpy(elem->name, vp->name, namesz);
	/* Take the head's attributes except the per-entry state bits. */
	elem->flag = vp->flag & ~(ALLOC|DEFINED|ISSET|SPECIAL);
	elem->type = vp->type;
	elem->areap = vp->areap;
	elem->u2.field = vp->u2.field;
	elem->index = val;
	if (elem != node) {
		/* Fresh entry: splice it in between before and node. */
		before->u.array = elem;
		elem->u.array = node;
	}
	return elem;
}
1182
/*
 * Measure an array reference such as [1+2].  cp is expected to point at
 * the opening bracket; nested brackets are counted so that the matching
 * close bracket is the one found.  The result includes both brackets.
 * Returns 0 when the string ends before a matching close bracket.
 *
 * The pointer difference is narrowed to int on return, as the interface
 * requires.
 */
int
array_ref_len(const char *cp)
{
	const char *p;
	int nest = 0;

	for (p = cp; *p != '\0'; p++) {
		if (*p == '[')
			nest++;
		else if (*p == ']' && --nest == 0)
			return (p + 1) - cp;	/* length up to and including ']' */
	}
	/* Hit the terminator without closing the reference. */
	return 0;
}
1201
/*
 * Return the base name of an array reference, i.e. the part of str in
 * front of the first '['.
 *
 * Ownership caveat: with a '[' present the result is a fresh copy made
 * by str_nsave() in ATEMP; without one the function hands back str
 * itself with const cast away.  Callers therefore cannot tell a copy
 * from an alias and must not modify or free the result on that basis.
 */
char *
arrayname(const char *str)
{
	const char *bracket = strchr(str, '[');

	if (bracket != NULL)
		return str_nsave(str, bracket - str, ATEMP);

	/* Not expected to happen: no subscript, so return the input as is. */
	return (char *) str;
}
1216
/*
 * Assign the NULL-terminated vector vals to elements 0, 1, 2, ... of
 * the array variable var.  With reset > 0 the variable's existing
 * values and attributes are discarded first; otherwise only the
 * elements assigned here are overwritten.
 */
void
set_array(const char *var, int reset, char **vals)
{
	struct tbl *base, *elem;
	int idx = 0;

	/* to get a local array, use "typeset foo; set -A foo" */
	base = global(var);

	/*
	 * Note: at&t ksh allows set -A but not set +A of a read-only var.
	 * NOTE(review): the code below relies on errorf() not returning
	 * for the read-only check to be effective -- confirm.
	 */
	if (base->flag & RDONLY)
		errorf("%s: is read only", var);

	/* This code is quite non-optimal */
	if (reset > 0) {
		/* trash existing values and attributes */
		unset(base, 0);
	}

	/*
	 * todo: would be nice for assignment to completely succeed or
	 * completely fail.  Only really affects integer arrays:
	 * evaluation of some of vals[] may fail, and the result of
	 * setstr() is not checked, so earlier elements stay assigned.
	 */
	while (vals[idx] != NULL) {
		elem = arraysearch(base, idx);
		setstr(elem, vals[idx], KSH_RETURN_ERROR);
		idx++;
	}
}