Path: csiph.com!goblin3!goblin1!goblin.stu.neva.ru!usenet.stanford.edu!not-for-mail From: Mike Gerwitz Newsgroups: gnu.bash.bug Subject: Re: Segfault on recursive trap/kill Date: Sat, 06 Oct 2018 19:53:25 -0400 Lines: 60 Approved: bug-bash@gnu.org Message-ID: References: <8736tj3llu.fsf@gnu.org> <25389056-9fcf-1d31-36d8-13098769a43a@case.edu> NNTP-Posting-Host: lists.gnu.org Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Trace: usenet.stanford.edu 1538870105 32719 208.118.235.17 (6 Oct 2018 23:55:05 GMT) X-Complaints-To: action@cs.stanford.edu Cc: bug-bash@gnu.org To: Chet Ramey Envelope-to: bug-bash@gnu.org In-Reply-To: <25389056-9fcf-1d31-36d8-13098769a43a@case.edu> (Chet Ramey's message of "Sat, 6 Oct 2018 12:33:22 -0400") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) OpenPGP: id=22175B02E626BC98D7C0C2E5F22BB8158EE30EAB X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-BeenThere: bug-bash@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Bug reports for the GNU Bourne Again SHell List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Xref: csiph.com gnu.bash.bug:14691 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On Sat, Oct 06, 2018 at 12:33:22 -0400, Chet Ramey wrote: > On 10/5/18 9:33 PM, Mike Gerwitz wrote: >> The following code will cause a segfault on bash-4.4.19(1) on >> GNU=C2=A0Guix. I reproduced the issue on an old Ubuntu 14.04 LTS running >> bash-4.3.11(1) as well as a Trisquel system running the same version. >>=20 >> bash -c 'trap "kill 0" TERM; kill 0' >>=20 >> Also segfaults when replacing `0' with `$$', and presumably in any other >> situation that would trigger the trap recursively. > > Yes. Bash has allowed recursive trap handlers since early 2014 (pre-4.3) > due to requests for the feature and compatibility with other shells that > allow it. > > If you manage to create infinite recursion, bash won't stop you. Sure, I agree that the feature is useful, but are you saying that terminating with a segfault is the intended behavior for runaway recursion? Upon further inspection, it does look like `foo() { foo; }; foo' also causes a segfault, so the behavior is consistent with trap recursion. As long as there is no exploitable flaw here, then I suppose this isn't a problem; it's just that most users assume that a segfault represents a problem with the program (unless they're dealing with their own memory management). I haven't inspected the code to see if this is an access violation or if Bash is intentionally signaling SIGSEGV. In any case, thanks for the reply. =2D-=20 Mike Gerwitz --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJbuUr1AAoJEIyRe39dxRuiFr4P/j8dcfbQ8zvVaUXuhu1VdgQm G+1SfMkKQ1iEApNwlskC1x02MRTbbLR3SkKxFJvlOita2eu301rJdMm4nkWwg//g 0lAhSexMgDZUeUKaIlPi50KQDCxDisMgFa5nMGxDIOGfus2eW+A+2KX1Z/kwlZaB lV0y5rPf2kwda7UDbNhvgYnM6BLzwuqKu4p3XmXMnc8z+Vnysqt2vG4FZxAPZIf+ OdfBdXDlxReRtkeM/nL4blARH/OafUacwl1meba6i5Uf5FirXoPTn3Nk7kfs+obu EzGW5ux3NgXlI5WdKVXU2bGJLrAi3KikP6Xb2D/xE+74lv+K5DHi2BMaDoV3o0DY hZKdzNKVwDr5SLc2CGGrDAU4E4/ZqipNhOUvEOqCbSoc+z+Ymh3E8oNBvFho4xoR 25D3I2O8pbOeRRQWF/hh4X6fSkHzM/lzKJ95I4RriTgpVJuy3xADAQ2FjhID5uPK y1/dHrK2nE9xFk80v/zyDHwmw9QCF0B0+W8mAZF8V3ZHRhwbsWtZMP3fd2EZ6rrB tBA7zTdUIprXvk+ZNjo2wBehrj8+U51x7FLegIvV1oD7idB8BVP3tcmmPQNSAzN7 xBnOH58W/yAOetpWpZtk3WSpT7rJIUI3n6U8flhgwUyicgkA2fwo9K12zW8bmMnM 2Ji2SLbWgodVZZEWtsM2 =fQw/ -----END PGP SIGNATURE----- --=-=-=--