
Segmentation fault in pat_subst

From Eduardo A. Bustamante López <dualbus@gmail.com>
Newsgroups gnu.bash.bug
Subject Segmentation fault in pat_subst
Date Sat, 20 Jul 2019 15:23:00 -0700
Message-ID <mailman.1882.1563661389.2688.bug-bash@gnu.org>


Bash `devel' crashes under the following circumstances:

| dualbus@system76-pc:/tmp/build-bash-devel$ CFLAGS='-O0 -ggdb' ~/src/gnu/bash/configure --with-bash-malloc
| (...)
| dualbus@system76-pc:/tmp/build-bash-devel$ make -j$(nproc)
| (...)
| dualbus@system76-pc:/tmp/build-bash-devel$ ./bash -c $'x=0; : ${x/#[0\xef\xbf\xbd\\Z[:]]}'
| Segmentation fault (core dumped)


Here's the stack trace:

| dualbus@system76-pc:/tmp/build-bash-devel$ gdb ./bash --args ./bash -c $'x=0; : ${x/#[0\xef\xbf\xbd\\Z[:]]}'
| GNU gdb (Debian 8.2.1-2+b1) 8.2.1
| (...)
| Reading symbols from ./bash...done.
| (gdb) r
| Starting program: /tmp/build-bash-devel/bash -c x=0\;\ :\ \$\{x/\#\[0�\\Z\[:\]\]\}
| 
| Program received signal SIGSEGV, Segmentation fault.
| 0x00005555555d1fae in pat_subst (string=0x55555575f298 "0", pat=0x555555764509 "[0�\\Z[:]]", rep=0x0, mflags=1) at /home/dualbus/src/gnu/bash/subst.c:8136
| 8136      if (str && *str)
| (gdb) bt
| #0  0x00005555555d1fae in pat_subst (string=0x55555575f298 "0", pat=0x555555764509 "[0�\\Z[:]]", rep=0x0, mflags=1) at /home/dualbus/src/gnu/bash/subst.c:8136
| #1  0x00005555555d250b in parameter_brace_patsub (varname=0x55555575f248 "x", value=0x55555575f288 "0", ind=0, patsub=0x555555763f48 "#[0�\\Z[:]]", quoted=0, pflags=0, flags=0)
|     at /home/dualbus/src/gnu/bash/subst.c:8306
| #2  0x00005555555d47e2 in parameter_brace_expand (string=0x555555763f28 "${x/#[0�\\Z[:]]}", indexp=0x7fffffffe0d8, quoted=0, pflags=0, quoted_dollar_atp=0x7fffffffe1d4,
|     contains_dollar_at=0x7fffffffe1cc) at /home/dualbus/src/gnu/bash/subst.c:9028
| #3  0x00005555555d5ae8 in param_expand (string=0x555555763f28 "${x/#[0�\\Z[:]]}", sindex=0x7fffffffe1d8, quoted=0, expanded_something=0x7fffffffe374, contains_dollar_at=0x7fffffffe1cc,
|     quoted_dollar_at_p=0x7fffffffe1d4, had_quoted_null_p=0x7fffffffe1d0, pflags=0) at /home/dualbus/src/gnu/bash/subst.c:9557
| #4  0x00005555555d6ed8 in expand_word_internal (word=0x555555763f68, quoted=0, isexp=0, contains_dollar_at=0x7fffffffe370, expanded_something=0x7fffffffe374)
|     at /home/dualbus/src/gnu/bash/subst.c:10125
| #5  0x00005555555da0b6 in shell_expand_word_list (tlist=0x555555763f88, eflags=31) at /home/dualbus/src/gnu/bash/subst.c:11504
| #6  0x00005555555da3bb in expand_word_list_internal (list=0x555555763948, eflags=31) at /home/dualbus/src/gnu/bash/subst.c:11628
| #7  0x00005555555d95b9 in expand_words (list=0x555555763948) at /home/dualbus/src/gnu/bash/subst.c:11148
| #8  0x00005555555a51d9 in execute_simple_command (simple_command=0x5555557639c8, pipe_in=-1, pipe_out=-1, async=0, fds_to_close=0x555555763a88)
|     at /home/dualbus/src/gnu/bash/execute_cmd.c:4334
| #9  0x000055555559ed6b in execute_command_internal (command=0x555555763988, asynchronous=0, pipe_in=-1, pipe_out=-1, fds_to_close=0x555555763a88)
|     at /home/dualbus/src/gnu/bash/execute_cmd.c:823
| #10 0x00005555555a2116 in execute_connection (command=0x555555763a48, asynchronous=0, pipe_in=-1, pipe_out=-1, fds_to_close=0x555555763a88) at /home/dualbus/src/gnu/bash/execute_cmd.c:2707
| #11 0x000055555559f134 in execute_command_internal (command=0x555555763a48, asynchronous=0, pipe_in=-1, pipe_out=-1, fds_to_close=0x555555763a88)
|     at /home/dualbus/src/gnu/bash/execute_cmd.c:996
| #12 0x0000555555609e4d in parse_and_execute (string=0x5555557632c8 "x=0; : ${x/#[0�\\Z[:]]}", from_file=0x55555566b0f0 "-c", flags=4)
|     at /home/dualbus/src/gnu/bash/builtins/evalstring.c:458
| #13 0x0000555555585632 in run_one_command (command=0x7fffffffebdc "x=0; : ${x/#[0�\\Z[:]]}") at /home/dualbus/src/gnu/bash/shell.c:1424
| #14 0x000055555558477d in main (argc=3, argv=0x7fffffffe8f8, env=0x7fffffffe918) at /home/dualbus/src/gnu/bash/shell.c:735
| 
| (gdb) p str
| $1 = 0xdfdfdfdfdfdfdfdf <error: Cannot access memory at address 0xdfdfdfdfdfdfdfdf>

I have been looking around but I don't understand what's going on. I can see
that the value of `str' comes from `e', which in turn comes from
`match_pattern', but it's not clear to me why this is happening.
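
A regression check built around the reproducer above, as an added example that is not part of the original post: it runs the same `-c` string against a chosen bash binary and reports whether the process exited cleanly or died on a signal. The function names and the `BASH_UNDER_TEST` variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: regression check for the reproducer quoted in this report.
# BASH_UNDER_TEST and all function names are hypothetical.

# Emit the reproducer script text. printf octal escapes produce the bytes
# \xef\xbf\xbd without relying on $'...' quoting in the calling shell.
reproducer() {
    printf 'x=0; : ${x/#[0\357\277\275\\Z[:]]}'
}

# Turn a shell exit status into a verdict. Shells report a child killed by
# signal N as 128+N, so 139 means SIGSEGV (11). Assumption: the command under
# test never exits normally with a status above 128.
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo "ok"
    elif [ "$1" -gt 128 ]; then
        sig=$(kill -l "$(($1 - 128))" 2>/dev/null) || sig=$(($1 - 128))
        echo "crash:${sig#SIG}"
    else
        echo "exit:$1"
    fi
}

# Run a command with core dumps disabled and output discarded, then classify.
# The "|| status=$?" form keeps this safe under "set -e".
probe() {
    status=0
    ( ulimit -c 0 2>/dev/null || :; "$@" ) >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# Check one bash binary against the reproducer.
check_bash() {
    probe "$1" -c "$(reproducer)"
}

# Only runs when a binary is named, e.g. BASH_UNDER_TEST=./bash sh check.sh
if [ -n "${BASH_UNDER_TEST:-}" ]; then
    echo "$BASH_UNDER_TEST: $(check_bash "$BASH_UNDER_TEST")"
fi
```

A build that still shows the fault reported here prints `crash:SEGV`; wiring the check into a test suite means failing on any verdict that starts with `crash:`.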
