Eric Blake <ebb9 <at> byu.net> writes:
I'm still thinking about how best to patch this. I know gnulib
provides the
stdio-safer module (and friends) that guarantee that stdio
functions like
fopen
don't reuse fd's 0, 1, or 2 (and hence that stdin, stdout, and
stderr remain
closed if they started life closed). I also know that gnulib
provides the
closeout module, which we should probably be using (and issue an
error if any
output was attempted to stdout when it was already closed).
Even with my earlier patches, I'm still finding issues. For example:
$ m4 | cat -s
divert(-1)
define(`f',`
')
define(`f',defn(`f')defn(`f'))
define(`f',defn(`f')defn(`f'))
define(`f',defn(`f')defn(`f'))
define(`f',defn(`f')defn(`f'))
define(`f',defn(`f')defn(`f'))
define(`f',defn(`f')defn(`f'))
define(`f',defn(`f')defn(`f'))
define(`f',defn(`f')defn(`f'))
define(`f',defn(`f')defn(`f'))
define(`f',defn(`f')defn(`f'))
define(`f',defn(`f')defn(`f'))
define(`f',defn(`f')defn(`f'))
define(`f',defn(`f')defn(`f'))
define(`f',defn(`f')defn(`f'))
define(`f',defn(`f')defn(`f'))
define(`f',defn(`f')defn(`f'))
define(`f',defn(`f')defn(`f'))
define(`f',defn(`f')defn(`f'))
define(`f',defn(`f')defn(`f'))
define(`f',defn(`f')defn(`f'))
divert(1)
f
divert
syscmd(echo hi >&3)
hi
$
Oops - we didn't set the fd of our temporary file to close-on-exec,
so the
child process inherited it and was able to pollute it.
--
Eric Blake
_______________________________________________
Bug-m4 mailing list
address@hidden
http://lists.gnu.org/mailman/listinfo/bug-m4