Path: csiph.com!xmission!news.snarked.org!news.linkpendium.com!news.linkpendium.com!panix!usenet.stanford.edu!not-for-mail From: Eduardo =?iso-8859-1?Q?A=2E_Bustamante_L=F3pez?= Newsgroups: gnu.bash.bug Subject: Re: Segmentation fault in pat_subst Date: Tue, 23 Jul 2019 22:32:34 -0700 Lines: 20 Approved: bug-bash@gnu.org Message-ID: References: <20190720222300.GA13083@system76-pc.vc.shawcable.net> <20190724053234.GA14361@system76-pc.vc.shawcable.net> NNTP-Posting-Host: lists.gnu.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Trace: usenet.stanford.edu 1563946361 13840 209.51.188.17 (24 Jul 2019 05:32:41 GMT) X-Complaints-To: action@cs.stanford.edu Cc: bug-bash@gnu.org To: Chet Ramey Envelope-to: bug-bash@gnu.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:mail-followup-to:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to:user-agent; bh=YpUvA/E84o4C0g59LGhL4I9LVr3mdtW3NbSr0RiUFYM=; b=jyp1VD83KHpEv826S03RAgTVt7jvqSB+2m+RTOfFpkdQ4F5BNqsCMYL78PaIhgZ6QU l6ShO4wIxeBeuDOVUD79WzwwLgfsXvQgWbMpeESLhxesqL98djdPV/y8HmE9VCIyzPIl AKlEw5d7LTS6eXWirDWEaoG/UTGRSRjTFOwXVExcU+OkcgdP0uVhgXLI98O4bg3ICY/N mSxUyFlYmuL1qeuBzLdaKkGENXHCet3UnDDqm8JtHoUTJmSVHIf9reaNnRkgABznGGPR cbbawYzNzjUt5IQ6kpGxbZI270ULORk3lTTo2LnVsH5bvXOfUowPqiAl6g60B1fHxADn uVHw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id :mail-followup-to:references:mime-version:content-disposition :content-transfer-encoding:in-reply-to:user-agent; bh=YpUvA/E84o4C0g59LGhL4I9LVr3mdtW3NbSr0RiUFYM=; b=Fy9/FxfWNEpEdQwGBf+9cTEmsrLnUAU57BLo6+bqrA/dcFe8e8eV8oXRiEwj9gp3BE f4bZ5MvRUuOty1qv8zYWnc+5R+5IPdbWn4E0EMvjmsU93ArnlL7PaJKho8v142ZdkQvM NFZqacIg3sdTpwCB985JT3HGIc2n/VVovOW+GYTfj7plW2Um19KuXUP8Jam2v9BxQTmM HaphMV5WPPE9gPbaVujNe3YcOeGQNXANOfCrhcWoNh2mYS82vxCga7GSzYfuJrP+0hJx TkvR2O1m2A4Z3pGxzzRdwWwdQ6n9XqJIr7jxooVNUkmTSlAUu3SfrZgYvLECLbRmfb0p n4rg== X-Gm-Message-State: APjAAAWA14OFw5FzS8lsWVbRxSHwgtYRjrisPkwU24sBanL/kWAg8Zuj jXbeCzcN+RaKVx4KmBCA9JU= X-Google-Smtp-Source: APXvYqxUj4rCiwlYEMr2qvM5PihKY9EyZeXwcb+bDPSA/qUy1ui/CjL6K4UAvSxGEzaF9CeNCn3QtA== X-Received: by 2002:a62:cd45:: with SMTP id o66mr9633863pfg.112.1563946355381; Tue, 23 Jul 2019 22:32:35 -0700 (PDT) Mail-Followup-To: Chet Ramey , bug-bash@gnu.org Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:4864:20::435 X-BeenThere: bug-bash@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Bug reports for the GNU Bourne Again SHell List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Mailman-Original-Message-ID: <20190724053234.GA14361@system76-pc.vc.shawcable.net> X-Mailman-Original-References: <20190720222300.GA13083@system76-pc.vc.shawcable.net> Xref: csiph.com gnu.bash.bug:15222 On Sun, Jul 21, 2019 at 06:56:09PM -0400, Chet Ramey wrote: (...) > Thanks for the report. Look at match_wpattern and consider what happens if > wmatchlen returns something longer than the string length. It will be fixed > for the next devel branch push. Aha! I see. | Starting program: /tmp/bash/bash -c x=0\;\ :\ \$\{x/\#\[0�\\Z\[:\]\]\} | | Breakpoint 1, match_wpattern (wstring=0x5555556c1d90 L"0", indices=0x5555556c1e20, wstrlen=1, wpat=0x5555556c1d00 L"[0�\\Z[:]]", mtype=1, sp=0x7fffffffd918, ep=0x7fffffffd910) | at /home/dualbus/src/gnu/bash/subst.c:4963 | 4963 if (mlen > wstrlen) | (gdb) p mlen | $1 = 2 | (gdb) p wstrlen | $2 = 1 Interesting, I can see how that `mlen = 2' can cause trouble. Thank you for the pointer and the fix!