Path: csiph.com!optima2.xanadu-bbs.net!xanadu-bbs.net!enother.net!enother.net!peer03.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!nntp.club.cc.cmu.edu!micro-heart-of-gold.mit.edu!bloom-beacon.mit.edu!bloom-beacon.mit.edu!171.64.64.130.MISMATCH!usenet.stanford.edu!not-for-mail
From: Chet Ramey <chet.ramey@case.edu>
Newsgroups: gnu.bash.bug
Subject: Re: segfault in extract_delimited_string () at subst.c:1291 (bash 4.4.0(1)-beta)
Date: Sat, 19 Sep 2015 18:22:19 -0400
Organization: ITS, Case Western Reserve University
Lines: 16
Approved: bug-bash@gnu.org
Message-ID: <mailman.1420.1442701347.19560.bug-bash@gnu.org>
References: <CANMVOuzGiZzFEC-OP=3Uw=FUab06qg4DZY+fG4L4aLCeJgxKig@mail.gmail.com>
Reply-To: chet.ramey@case.edu
NNTP-Posting-Host: lists.gnu.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Trace: usenet.stanford.edu 1442701347 6691 208.118.235.17 (19 Sep 2015 22:22:27 GMT)
X-Complaints-To: action@cs.stanford.edu
Cc: chet.ramey@case.edu
To: Brian Carpenter <brian.carpenter@gmail.com>, bug-bash@gnu.org
Envelope-to: bug-bash@gnu.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
In-Reply-To: <CANMVOuzGiZzFEC-OP=3Uw=FUab06qg4DZY+fG4L4aLCeJgxKig@mail.gmail.com>
X-Junkmail-Whitelist: YES (by domain whitelist at mpv1.tis.cwru.edu)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.4.x-2.6.x [generic]
X-Received-From: 129.22.105.36
X-BeenThere: bug-bash@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-bash>
List-Post: <mailto:bug-bash@gnu.org>
List-Help: <mailto:bug-bash-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe>
X-Received-Bytes: 2594
X-Received-Body-CRC: 3084995369
Xref: csiph.com gnu.bash.bug:11511

On 9/19/15 12:22 PM, Brian Carpenter wrote:
> While fuzzing bash 4.4.0(1)-beta compiled from the devel branch, I found a
> 'script' that causes a segfault. The attached also crashes bash
> 4.2.37(1)-release. The file is 1012B in size and I was unable to minimize
> it any further using the afl-tmin tool that comes with the AFL fuzzer.

Thanks for the report.  This doesn't crash my latest devel version, but
I will look and see if there's a different bug to fix.

Chet

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
		 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/