Memory fault when attempting to run /dev/fd/1 as a script #877
Description
Reproducer with trace from ASan:
arch/linux.i386-64/bin/ksh /dev/fd/1
/home/johno/GitRepos/KornShell/ksh/src/lib/libast/cdt/dtstrhash.c:40:19: runtime error: unsigned integer overflow: 2166136238 * 16777619 cannot be represented in type 'unsigned int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/johno/GitRepos/KornShell/ksh/src/lib/libast/cdt/dtstrhash.c:40:19
/home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/sh/fcin.c:60:64: runtime error: applying non-zero offset 65536 to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/sh/fcin.c:60:64
AddressSanitizer:DEADLYSIGNAL
=================================================================
==999828==ERROR: AddressSanitizer: SEGV on unknown address 0x000000010000 (pc 0x6476f8d73cdf bp 0x7ffc0c5c8750 sp 0x7ffc0c5c8660 T0)
==999828==The signal is caused by a WRITE memory access.
#0 0x6476f8d73cdf in fcfopen /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/sh/fcin.c:62:17
#1 0x6476f8efb69d in sh_parse /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/sh/parse.c:413:5
#2 0x6476f8cb0851 in exfile /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/sh/main.c:582:18
#3 0x6476f8ca8ef3 in sh_main /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/sh/main.c:348:2
#4 0x6476f8ca3420 in main /home/johno/GitRepos/KornShell/ksh/src/cmd/ksh93/sh/pmain.c:41:2
This crash was first introduced in ksh93u- 2010-06-25 when the following line was added to sh_ioinit:
Line 473 in 9e2e6ca
I'm currently unsure why that sh_iostream call causes the buffer for fcin to become invalid.