MFC r297360: sh: Fix use-after-free if a trap replaces itself.

The mergeinfo for this commit was accidentally added to the previous commit.

3 files changed, 15 insertions, 1 deletions

diff --git a/bin/sh/tests/builtins/Makefile b/bin/sh/tests/builtins/Makefile
index 527c1b3..78b0b0c 100644
--- a/bin/sh/tests/builtins/Makefile
+++ b/bin/sh/tests/builtins/Makefile
@@ -127,6 +127,7 @@ FILES+=		trap11.0
 FILES+=		trap12.0
 FILES+=		trap13.0
 FILES+=		trap14.0
+FILES+=		trap17.0
 FILES+=		trap2.0
 FILES+=		trap3.0
 FILES+=		trap4.0
diff --git a/bin/sh/tests/builtins/trap17.0 b/bin/sh/tests/builtins/trap17.0
new file mode 100644
index 0000000..89be893
--- /dev/null
+++ b/bin/sh/tests/builtins/trap17.0
@@ -0,0 +1,10 @@
+# $FreeBSD$
+# This use-after-free bug probably needs non-default settings to show up.
+
+v1=nothing v2=nothing
+trap 'trap "echo bad" USR1
+v1=trap_received
+v2=trap_invoked
+:' USR1
+kill -USR1 "$$"
+[ "$v1.$v2" = trap_received.trap_invoked ]
diff --git a/bin/sh/trap.c b/bin/sh/trap.c
index 8ea3b12..dbc6ba2 100644
--- a/bin/sh/trap.c
+++ b/bin/sh/trap.c
@@ -403,6 +403,7 @@ onsig(int signo)
 void
 dotrap(void)
 {
+	struct stackmark smark;
 	int i;
 	int savestatus, prev_evalskip, prev_skipcount;
 
@@ -436,7 +437,9 @@ dotrap(void)
 
 					last_trapsig = i;
 					savestatus = exitstatus;
-					evalstring(trap[i], 0);
+					setstackmark(&smark);
+					evalstring(stsavestr(trap[i]), 0);
+					popstackmark(&smark);
 
 					/*
 					 * If such a command was not