Fix crash in get/getn disciplines; document getn (re: 2a43cbc)

Reproducer: see the test added in tests/variables.sh.

Analysis: The global 'struct blocked *blist' variable in nvdisc.c,
which is the starting point for all the bp pointers, gets
invalidated when the arithmetic subsystem throws an error in the
reproducer. Which is obvious, because the struct blocked items in
the list are all local/automatic variables in the assign() and
lookup() functions, which no longer exist after a longjmp.

The root problem is that an error is thrown during the nv_getn()
call, so that block_done() is not getting called after the longjmp,
so the global blist variable is not reset, causing a probable crash
on any subsequent use of a discipline function.

src/cmd/ksh93/sh/nvdisc.c: lookup():
- Delay calling nv_getv or nv_getn until after restoring all
  state, including after calling block_done().

src/cmd/ksh93/sh.1:
- Finally add documentation for the getn discipline.

Resolves: #435

Author: McDutchie

NEWS

@@ -2,6 +2,10 @@ This documents significant changes in the 1.0 branch of ksh 93u+m.
 For full details, see the git log at: https://github.com/ksh93/ksh/tree/1.0
 Uppercase BUG_* IDs are shell bug IDs as used by the Modernish shell library.
 
+2024-08-21:
+
+- Fixed a corner-case crashing bug in shell discipline functions.
+
 2024-08-19:
 
 - Fixed a corner-case bug: for an empty set of positional parameters,

src/cmd/ksh93/include/version.h

@@ -18,7 +18,7 @@
 
 #define SH_RELEASE_FORK	"93u+m"		/* only change if you develop a new ksh93 fork */
 #define SH_RELEASE_SVER	"1.0.11-beta"	/* semantic version number: https://semver.org */
-#define SH_RELEASE_DATE	"2024-08-19"	/* must be in this format for $((.sh.version)) */
+#define SH_RELEASE_DATE	"2024-08-21"	/* must be in this format for $((.sh.version)) */
 #define SH_RELEASE_CPYR	"(c) 2020-2024 Contributors to ksh " SH_RELEASE_FORK
 
 /* Scripts sometimes field-split ${.sh.version}, so don't change amount of whitespace. */

src/cmd/ksh93/sh.1

@@ -4135,18 +4135,33 @@ file.
 .SS Discipline Functions.
 Each variable can have zero or more discipline functions
 associated with it.
-The shell initially understands the discipline names \f3get\fP,
-\f3set\fP, \f3append\fP, and \f3unset\fP but can be added
-when defining new types.  On most systems
+The shell initially understands the discipline names
+\f3get\fP, \f3getn\fP, \f3set\fP, \f3append\fP, and \f3unset\fP,
+but new disciplines can be added
+when defining new types. On most systems,
 others can be added at run time via the
 C programming interface extension provided by the
 .B builtin
 built-in utility.
+.PP
 If the \f3get\fP discipline is defined for a variable, it is invoked
 whenever the given variable is referenced.
 If the variable \f3.sh.value\fP is assigned a value inside
 the discipline function, the referenced variable will evaluate
 to this value instead.
+If the \f3getn\fP discipline is defined for a variable, it is invoked
+in preference to \f3get\fP whenever the given variable is referenced
+in an arithmetic expression.
+The variable \f3.sh.value\fP is assigned the
+.B \-F
+attribute
+inside \f3getn\fP discipline functions
+(see
+.B typeset
+under
+.I "Builtin Commands"
+below).
+Otherwise, it works like it does for \f3get\fP disciplines.
 If the \f3set\fP discipline is defined for a variable, it is invoked
 whenever the given variable is assigned a value.
 If the \f3append\fP discipline is defined for a variable, it is invoked
@@ -4180,7 +4195,6 @@ Finally, the expansion \f3${\fP\f2var\^\fP\f3.\fP\f2name\^\fP\f3}\fP,
 when \f2name\^\fP is the name of a discipline, and there is
 no variable of this name, is equivalent to the command substitution
 \f3${ \fP\f2var\^\fP\f3.\fP\f2name\^\fP\f3;}\fP.
-
 .SS Name Spaces.
 Commands and functions that are executed as part of the
 .I list\^
@@ -4220,7 +4234,6 @@ By default, variables starting with
 \fB\s+2.\s-2sh\fP are in the
 .B sh
 name space.
-
 .SS Type Variables.
 Typed variables provide a way to create data structure and objects.
 A type can be defined either by a shared library, by the

src/cmd/ksh93/sh/nvdisc.c

@@ -434,13 +434,6 @@ static char*	lookup(Namval_t *np, int type, Sfdouble_t *dp,Namfun_t *handle)
 	}
 	if(nv_isarray(np))
 		np->nvalue.up = up;
-	if(!cp)
-	{
-		if(type==LOOKUPS)
-			cp = nv_getv(np,handle);
-		else
-			*dp = nv_getn(np,handle);
-	}
 	if(bp== &block)
 		block_done(bp);
 	if(nq && nq->nvalue.rp && nq->nvalue.rp->running==1)
@@ -451,6 +444,14 @@ static char*	lookup(Namval_t *np, int type, Sfdouble_t *dp,Namfun_t *handle)
 	if(jmpval >= SH_JMPFUN)
 		siglongjmp(*sh.jmplist,jmpval);
 	sh_sigcheck();
+	/* nv_get{v,n} may throw an error and longjmp, so must come after restoring all state */
+	if(!cp)
+	{
+		if(type==LOOKUPS)
+			cp = nv_getv(np,handle);
+		else
+			*dp = nv_getn(np,handle);
+	}
 	return cp;
 }
 

src/cmd/ksh93/tests/variables.sh

@@ -1619,5 +1619,18 @@ got=$(set +x; { "$SHELL" -c '
 	"(expected status 0, $(printf %q "$exp");" \
 	"got status $e$( ((e>128)) && print -n /SIG && kill -l "$e"), $(printf %q "$got"))"
 
+# ======
+# https://github.com/ksh93/ksh/issues/435
+"$SHELL" <<\EOF >/dev/null 2>&1; (((e=$?)==1)) || err_exit "getn/get discipline crash" \
+	"(expected status 1, got status $e$( ((e>128)) && print -n /SIG && kill -l "$e"))"
+unset nonexistent_var
+foo=nonexistent_var
+foo.getn() { :; }
+foo.get() { :; }
+unset -f foo.getn
+trap 'echo $((foo))' EXIT   # throw the echo $((foo)) 'unset parameter' error twice
+echo $((foo))
+EOF
+
 # ======
 exit $((Errors<125?Errors:125))